At Experian, consumer credit and finance education is our priority. This post may contain links and references to one or more of our partners, but we provide an objective view to help you make the best decisions. For more, see our Editorial Policy.
The Identity Theft Resource Center (ITRC) estimates that the average adult has been breached at least three times since 2005. Everyone needs to know how to protect their identity, and new technology is racing to stay ahead of the hackers.
Traditional passwords are proving to be no longer enough, but you can make your data harder to access through two-factor authentication. Instead of giving only a password, two-factor authentication requires you to verify yourself usually through another device such as your phone, tablet or laptop, adding another layer of security to online accounts.
The next frontier to authenticate yourself is by using biometrics, which are characteristics used to verify a person's identity through a device. These characteristics are measurable traits, both physical and behavioral, that can be detected and recorded as a way to identify a person.
You Are the Password
Physical biometric features can include your fingerprint, a handprint, eye scan, and facial recognition. Behavioral traits can include voice recognition ("Hey, Siri"), how you type on the keyboard (hunt and peck or stenographer), the length of time a user spends on an individual site (like your bank) and geo-location data (where you are logging in from). These attributes are unique to individuals and therefore more reliable in verifying identity than a password, or asking what your favorite food or movie is or where you went to elementary school.
The Future of Biometrics
Many in the cybersecurity industry feel biometrics are the next wave of protection for consumers.
"We are already in the age of biometrics, and we largely have three factors to thank: smartphones, a digital-first mentality, and the failure of passwords," said Al Pascual, research director and head of fraud and security at Javelin Strategy and Research. "Today, consumers and service providers have both placed biometrics at the top of their list. Since last year consumers have held nearly every major form of biometrics in higher regard than more traditional authentication solutions like knowledge-based authentication."
Fingerprints biometrics are becoming the most common identity feature on smartphones. According to the latest research from Counterpoint, more than 1 billion fingerprint scanner-equipped phones will be shipped in 2018. The trend is being accelerated through cheaper costs to bring the feature to lower-priced phones. Meanwhile, 93% of top U.S. financial institutions already offer fingerprint scanning in their mobile applications, according to Pascual.
According to Acuity Market Intelligence, all smartphones will have at least some kind of biometric technology on board by 2019 and that same growth will extend to wearables and tablets by 2020.
Going a step further, the new iPhone X, Samsung's Galaxy S8 and other Android devices have a feature that has everyone talking—facial recognition. It's the latest evolution in the use of biometrics to verify ourselves, and the timing couldn't be better as the phones are coming out when consumers are dealing with heightened concerns over identity protection.
But is this too far? Or too much like science-fiction? The new Blade Runner 2049 movie makes reference to facial recognition technology but cameras are already scanning face of citizens in China.
There were immediate privacy concerns with Apple's FaceID and even whether users would be comfortable scanning their face. "Facial recognition isn't the most favored form of biometrics among consumers but it garners more trust than a voice for sure," says Pascual. "Apple's fingerprint technology, Touch ID had a seamless nature, when it worked, that lended itself to a smooth user experience. If FaceID cannot replicate that same type of experience, then it will mostly be relegated to younger and more tech-savvy consumers."
In a recent poll from Morning Consult, only 34% of U.S. adults held a favorable view of facial recognition software. Even more pointed were U.K. consumers, where 54% thought facial recognition technology was creepy according to a poll from RichRelevance.
Will Hackers Steal My Biometric Data?
Criminals are always going to look for the weakest link in the chain. They may try to "spoof" facial recognition features using photos of you from the Internet to gain access. In fact, a German security researcher spoofed a Samsung Galaxy S8 phone using a still photo. But phone makers are making it even harder to do combining both physical and behavioral biometrics.
"Ironically, much like Social Security numbers, we are married to our biometric identifiers," Pascual says "Fortunately, biometric solution providers continue to improve their ability to detect liveness—in essence, determining that the biometric being provided belongs to a live person and is not a copy."
While no authentication system is invincible, it's a lot easier to crack a password than an identity, which is why biometrics are the next frontier in cyber security.