The Forever Password
A password you can never lose and never forget. A perfect solution or a terrible hellscape?
Enter Your Password
How many times a day do you enter a password for something? Unlocking your phone, accessing email and social media, or maybe you have a passcode to open the door to your building. The number of things we have to remember a password for is astounding. There is an entire industry just trying to help us remember our passwords (LastPass, 1Password, etc).
Biometric passwords have been heralded as the solution to the password problem. One identifier that is unique to who we are. It used to be something of science fiction. Fingerprint readers, retinal scanners, voice patters, and DNA tests all used in books, movies, and stories for years as some not so distant future.
The technology has been around for quite some time, but has really become consumer facing in the past 5 years. I thank a large part of that to Apple with their Fingerprint ID and Face ID platforms. They put the idea of biometric passwords in millions of peoples of hands on a device that we unlock numerous times a day.
There are some obvious advantages to biometric passwords.
There is no need to remember or create a password. You're just using a unique identifier that already exists on your body.
It's must faster to scan your fingerprint than type in a password. You can be authenticated and logged into system much faster with biometrics.
I use biometric security daily. It's almost impossible not to use today. But I still have my skepticism of it. I limit what is tied to biometrics. My biggest skepticism being privacy.
What happens when you biometric data is used for other purposed other than to log in? The company you are supplying your data to could collapse one day and sell of your data. Or just have a bad quarter and using selling your data as a way to increase profits.
A bigger concern is a data breach of biometric security. What happens when your fingerprint and face scan are free for everyone to download. You can't use that password again, and you can't just reset it. Once a biometric password is created, there's not changing it.
You are also relying on technology to take a biological feature and turn it into 0s and 1s for the computer to understand. These systems aren't perfect. There are examples of these systems making mistakes by letting incorrect people access data or not allowing the actual person to log in. What happens then?
A good way to mitigate some of the data risk is by using multi-factor authentication. Using a secondary password or code with your biometric scan. This will provide far greater security. And if you biometric password is ever leaked, at least your login will still be secured by MFA.
Do you use any biometric passwords? Were you hesitant or all in from the start? Share your experience in the comments.
A thought to leave with, are biometric passwords going to be the last access system we ever need?
I must admit I never considered the possibility of companies selling users’ biometric data. However, it’s my understanding that with an iPhone, your biometric data is stored on the device and not on Apple’s servers. Therefore, I wonder how portable that data is and if Apple, in this case, has access to the raw biometric data.