Traditional usernames and passwords have increasingly come under scrutiny as hackers find new ways around them to gain access to individuals’ accounts and information
Behavioural biometrics are the next step to keeping individuals protected online, especially in banking.
Traditional usernames and passwords have increasingly come under scrutiny as hackers find new ways around them to gain access to individuals’ accounts and information.
“The way the industry has operated until today has been to use a sort of ‘Swiss-cheese effect’, which is to put layers and layers of controls in place [to plug the holes], but these can be circumvented through programmatic means, by bots, or indeed, more and more by social engineering,” said Saeed Ahmad Managing Director for the Middle East and North Africa at Callsign.
More organisations are moving away from passwords. Last month, Apple, Google and Microsoft said they were teaming up to expand passwordless sign-in.
“In light of the onslaught of data breaches, a password-based approach is no longer an option. Multi-factor authentication (MFA) is a must,” a report from OneSpan read. Some multi-factor authentication is clunky though, requiring users to switch apps to enter a one-time password.
Even if biometrics are more secure than passwords, hackers will always be knocking at the door. But behavioural biometrics – like the way a person types their email address – are more secure than facial recognition.
“But behavioural biometrics in particular, are very difficult to imitate. The way you hold your mobile phone, the way you swipe it, and the way you use it is particular to you.”
In 2020, the behavioural biometrics market generated around $1.1 billion, and is expected to reach $11.2 bn by 2031, according to Future Market Insights.
Because it relies on a user’s natural actions, behavioural authentication takes little time. They’re also flexible and can deliver data to challenge the login when a trigger is hit.
“Behavioral biometrics can play an active role in mitigating fraud risk. Its similarity score can be used for fraud analysis, acting as one of the data points to determine the risk score of a transaction. This way, it can also help reduce false positives,” the OneSpan report found.
Using behavioural biometrics can save costs and also means a reduced need for administration.
But the shift away from passwords has left some people apprehensive.
“People are conditioned to using usernames and passwords,” Ahmad said. “So when you’re asked to go on a journey where user IDs and passwords aren’t being asked for, quite frankly, a lot of customers are wary about that and think ‘why am I not being challenged?’”
Education and awareness, which are underway, are the way around consumer concerns that no passwords means lower security, Ahmad said.