PASSWORDS were never a great authentication technique. They’re too easy to guess, steal, or—the bane of modern existence—forget. That’s exactly why biometrics are superior authentication tools, says Nigel Stewart, security engineer at M.C. Dean, a Tysons, Va.-based company that designs, builds, operates, and maintains cyber-physical solutions.
Typically, authentication relies on one of three types of information: what you have (key card), what you know (pin or password), or what you are (biological marker). Users can forget the first two, but biometric data is closer to foolproof, says Stewart, who has seen a shift from validating objects, such as key cards, to validating the person. “”A user can’t forget what they are,”” he says.
IoT integrators may be able to capitalize on this shift by using biometrics in physical security and cybersecurity solutions.
Pros and Cons
Despite its popularity, biometrics experts note some quirks in each of the techniques. Facial recognition, for example, is good at one-to-one identification (like ensuring the image on that contactless license matches the passenger who shows up at the airport) but less accurate at distinguishing between family members who look very much alike, says Tim Meyerhoff, North American director at Iris ID, a recognition platform vendor.
Fingerprint readers, for their part, lose their luster outdoors when people have to spend a few extra seconds drying them off on a rainy day. Nor are they ideal for people who work with their hands, making their fingerprints less defined.
Merritt Maxim, a vice president at Forrester who focuses on identity and access management, says manufacturers moved away from fingerprint to facial recognition a few years ago, and the pandemic made fingerprints even less attractive to some.
Similarly, iris readers are second only to DNA for their accuracy but might not function as well in a bright area, says Stewart. “”There’s definitely an art to how the technologies are used.””
Lack of standards is also a challenge, adds Stewart, who dissuades customers from using proprietary technologies that don’t share source code to back their claims, and can cause headaches if you need to change vendors later.
Potential Use Cases
For IoT solution providers, there are several emerging use cases in physical security such as facility access, restricted spaces, and parking areas. Attendance tracking is also popular.
“”The lowest-hanging fruit for a biometric reader is … any place where there’s a lot of high-value assets they want to protect,”” says Meyerhoff, such as a data center or law office.
Vertical industries where biometric adoption is expected to increase include banking and e-commerce. Banks are already using voice-based authentication, and it’s a good solution for populations unlikely to have the technical skill to enroll in other biometric programs, notes Merritt.
Meyerhoff says biometrics use in government will “”absolutely”” become more pervasive in public interactions, from service enrollment to voting to contactless driver licenses.
Businesses that help users share assets like cars or rental spaces are also beginning to experiment with biometrics. “”They have an obvious concern about fraud and want to make sure it’s the right person having access,”” says Stewart.
Healthcare has become another key vertical due to the desire for touch-free options and an expected move toward facial recognition for identifying remote-care patients.
Both Stewart and Maxim expect a big uptick in travel and hospitality too. Airlines have already found shaving a few minutes off of boarding time with facial recognition reduces delays and missed connections down the road. Soon, hotels will use it for smoother check-ins.
Whatever the setting, Stewart says, be open to options when meeting customers’ undoubtedly unique goals. “”Reach out to industry and find out as many different paths to reach those goals as possible,”” he says. “”Sometimes it might be the small vendor you’ve written off once or twice.””
Image: iStock
