Problem solve Get help with specific problems with your technologies, process and projects.

Should we use biometric authentication devices?

Are more companies using biometrics? SearchSecurity's resident identity management and access control expert tackles this question and reviews five fundamental barriers that may limit the growth of biometric authentication.

Who are the top biometric authentication providers? Are you seeing more companies deploying this authentication method?

The market for biometrics products is still too fractured to name specific top providers. The physical characteristics of the biometrics products available today vary from the mundane, such as fingerprinting, to the esoteric, like typing speeds and electrophysiological signals.

Until recently, biometrics was typically used at a physical security level – protecting facilities at military bases or impenetrable bank vaults, for example. But, because single-factor authentication methods are easy to break, companies have started looking to two-factor solutions, like biometrics.

However, the following five fundamental barriers may limit the growth of biometric authentication:

  1. Biometrics can be complicated and costly to deploy. All biometric deployments require installation of their own hardware and application servers.
  2. The market is still fractured. Should you buy a fingerprint reader, a voice recognition system or an iris scanner? Since each product differs greatly in its approach and installation, it is difficult to compare them during a typical company bid process.
  3. Biometric data is like any other data. It sits on servers, which are bait for hackers if not properly hardened and secured. Therefore, when reviewing any biometric product, make sure it transmits data securely, meaning encrypted, from the biometric reader back to the authenticating server. And, make sure the authenticating server has been hardened, patched and protected.
  4. Biometric readers are prone to errors. Fingerprints can smudge, faces and voices can be changed and all of them can be misread, blocking a legitimate user, or permitting access to an unauthorized or malicious user.
  5. Difficulties with user acceptance. Properly trained employees may be willing to use biometrics devices, but customers, like those logging on to your Web site, may be more reluctant to use – or worse, forced to purchase – a device that's difficult to use or makes doing business, such as banking, on your site, a hassle instead of a convenience. And both your employees and customers may be squeamish about exposing their eyes to devices like iris scanners, even if they appear harmless.

Despite these issues, biometrics is slowly gaining acceptance for two-factor authentication purposes. The products are getting better, lighter and easier to use. Error rates are going down, and fingerprint readers installed on tokens and laptops are getting smaller and less intrusive. And, like the rest of the security product industry, vendors will eventually merge and consolidate, uniting a fractured market, which will make it easier to choose a product that suits your business needs.

More on this topic

  • Read this tip and review biometric best practices and pitfalls to watch out for.
  • Learn why Information Security magazine believes BioPassword Internet Edition is a viable authentication option.
This was last published in July 2006

Dig Deeper on Biometric technology