As banking and payments become increasingly advanced, the security protecting them needs to be more advanced as well. An often-touted solution is biometric security, but can this ever truly replace the tried-and-tested password? Patrick Brusnahan reports from the Digital Banking Club’s latest debate in London
The first of the Digital Banking Club’s debates of 2017 honed in on the topic of biometric security. Hosted at the prestigious Law Society in London, the debate took the traditional form with two teams slugging it out over the motion: This house believes the password will never be replaced by your body.
Go deeper with GlobalData
Is the password past its prime?
Simon Cadbury, director of strategy and innovation at Intelligent Environments, opened the debate with admiration for the maligned password. He stated that while passwords were not perfect, they could be the best, with some improvements.
He said: “The password has become known and understood by everyone, but when the most common password is 123456, surely we can do better. We don’t need to replace passwords; we simply need better ones.
“However, authentication via body parts is complicated and expensive. Your body will never replace a password. Body parts do not provide a better counterpart. Body parts cannot be reset. Behavioural biometrics can’t help you if they don’t know you.”
Cadbury added: “Effective passwords rely on randomness – something that we just aren’t equipped to generate or remember. Creating and remembering one good password is a serious challenge, but most of us need 25. No wonder, then, that a third of people claim they forget a password at least once a week.
“Worse still, under Moore’s law, passwords are becoming easier to crack with every passing year. Yet, despite decades of user education, we aren’t making our passwords any stronger. The time seems ripe for biometrics to take over from passwords as the principle way we authenticate ourselves. But then again, we’ve been saying that for a very, very long time now.”
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataOn the opposing side, Daryl Wilkinson, MD of DWC and former head of innovation at Nationwide, argued that the password was an outdated piece of kit.
“Biometrics not replacing passwords sounds like cars not replacing the horse and cart,” Wilkinson explained.
“Passwords are over 50 years old. Even the originator of the password considers them to be a nightmare. Research from Equifax showed that people shopping online actually preferred to use biometrics.”
Are biometrics enough?
Ian Bradbury, CTIO financial services at Fujitsu, claimed he had no problem with biometric solutions, but there were flaws that limited its usefulness.
He said: “I’m not here to say biometrics do not have a part to play. My point is that it is not infallible.
“Biometrics can only ever be one factor. If biometrics don’t work, what’s the backup? It will be a password or a PIN. If someone breaches my fingerprint, I can’t grow another finger,” Bradbury pointed out.
“In addition, from an inclusion perspective, not all of us can use biometrics. There are people who are not comfortable using biometrics. That’s not going to change.
Paul Trueman, SVP, global enterprise risk and security at MasterCard, started by claiming that all passwords are probably written down somewhere, whether we like it or not. This, in turn, needs to change.
“We’re changing our password model, because we have to. Passwords are not a horse; at best, they are a lame donkey,” Trueman quipped.
“Now that everything is connected through the internet of things, there’s a lot more to steal and passwords are not acceptable. There are a number of good and proven solutions out there that are developing. Passwords are just a lock on the door with its key in sight.
“51% of passwords used today are forgotten within a week. People probably have somewhere between 70 and 80 various accounts. If you only have a couple of different passwords, those are now everywhere. The reason passwords survived so long was because they were cheap and easy to implement.”
Trueman added: “There’s a need for intelligent friction. There is no one solution, no one perfect lock on the door. You need backups, but the backups do not need to be a password. It’s down the list, but there are many options and that’s what multilayer is all about.
“More will change in the next five years than in the past 50. You can’t put on noise-cancelling headphones and turn off the world.”
Are biometrics reliable?
Enza Iannopollo, security and risk analyst at Forrester, stated: “Banks would prefer any other magic tool than something like facial recognition in terms of replacing passwords.
“Passwords are very easy to integrate and are straightforward, whereas body parts have false positives and negatives. The future is not a place where body parts will replace passwords, but enhance them.”
However, Chris Gledhill, CEO and co-founder of Secco Aura, was much more positive about biometrics.
He said: “At some point between now and our bodies being replaced, passwords will be replaced. Biometrics can help people gain control on their finances and can greatly aid financial inclusion.”
As an example, he explained that customers who are unable to type or remember passwords could be able to use their voices to gain access to their finances.
While there are voice-replication programmes being launched, they cannot yet recreate dialects, and while in the short term there will be problems, as there are with all forms of biometrics, they will improve in the future.
“Behavioural biometrics are truly unique,” he continued. “There are fundamental problems with passwords, and there problems with biometrics, but to say they will never replace passwords is impossible.”
