Biometric authentication – using your fingerprint, retina, or even your DNA to authorize yourself into an account – has been a hot topic in security for a long time. But it wasn’t until Apple’s iPhone 5S (the one with a little fingerprint scanner) came out that the discussion went mainstream. This was perhaps the push that was needed to get biometrics into other areas where security needs to be tightened. Last month, we spoke about bank account security and the multi-faceted problem that banking institutions face. It’s time to talk about a new trend we’ll be seeing soon in online banking that may fix this with biometric identification and authentication.
What Are The Incentives?
Some of the most secure banks right now use token-based authentication. You get a token that generates a special number which you use alongside your password to log in to your account. Sometimes, the token number is all you need. This makes it very difficult for thieves to get their hands on your funding, short of stealing the token device that is sitting (presumably) at home on your desk. Still, people who are close to you and have access to your home will be able to access your account without your consent.
Here’s where biometric authentication kicks in … It is meant to resolve two problems:
- Other people can still use your token device, but they’re less likely to be able to reproduce your body. Your account is locked down by you, quite literally.
- It’s inconvenient to have to scramble for a device that you can easily lose then type a different string of numbers every time you have to log in. Biometrics makes it easier for you to enter, but much more difficult for thieves.
So, we’re done, right? Not really…
The Issues Plaguing Biometric Authentication
While it’s relatively easy to put your finger on a device, it’s also easy to “scan” your fingerprint and reproduce it in a way that allows a stranger to impersonate you. See the video below for an example using the iPhone 5s.
While it’s easy to bypass fingerprinting, iris scanning may be more secure due to higher amounts of differentiation and a less reproducible medium for identification. However, it is cost-prohibitive and bulky. You can’t make such a thing mainstream just yet.
Ideally banks will be using a combination of fingerprints and passwords (if one is stolen, the other would still be required to enter an account). Using fingerprint recognition alone would eventually lead to predatory thieves that collect people’s fingerprints to steal funds.
Exploring Other Types of Biometrics
Here’s an idea: Why don’t we consider other things about the body that are unique and difficult to reproduce, yet allow for the same (or higher) level of convenience for the customer logging in? Nymi has a promising answer to this with its wristband, which uses your heart’s unique electrical pulses to verify your identity. If someone steals the wristband, there is still no way to reproduce the effect that would impersonate you. There would be no “print” left to imitate.
Voice recognition is also being looked at, which could sample several different aspects about your voice (up to and including your accent) and determine whether you are indeed you.
Are there any other biometric authentication technologies you may be aware of that could be used in banking? Let us know in a comment!