
PASSWORDS were never a great authentication technique. They’re too easy to guess, steal, or—the bane of modern existence—forget. That’s exactly why biometrics are superior authentication tools, says Nigel Stewart, security engineer at M.C. Dean, a Tysons, Va.-based company that designs, builds, operates, and maintains cyber-physical solutions.
Typically, authentication relies on one of three types of information: what you have (key card), what you know (PIN or password), or what you are (biological marker). Users can forget the first two, but biometric data is closer to foolproof, says Stewart, who has seen a shift from validating objects, such as key cards, to validating the person. “A user can’t forget what they are,” he says.
IoT integrators may be able to capitalize on this shift by using biometrics in physical security and cybersecurity solutions.
Pros and Cons
Despite the popularity of biometrics, experts note some quirks in each of the techniques. Facial recognition, for example, is good at one-to-one identification (like ensuring the image on that contactless license matches the passenger who shows up at the airport) but less accurate at distinguishing between family members who look very much alike, says Tim Meyerhoff, North American director at Iris ID, a recognition platform vendor.
Fingerprint readers, for their part, lose their luster outdoors when people have to spend a few extra seconds drying them off on a rainy day. Nor are they ideal for people who work with their hands, which makes their fingerprints less defined.
Merritt Maxim, a vice president at Forrester who focuses on identity and access management, says manufacturers moved away from fingerprint to facial recognition a few years ago, and the pandemic made fingerprints even less attractive to some.
Similarly, iris readers are second only to DNA for their accuracy but might not function as well in a bright area, says Stewart. “There’s definitely an art to how the technologies are used.”
Lack of standards is also a challenge, adds Stewart, who dissuades customers from using proprietary technologies that don’t share source code to back their claims and that can cause headaches if you need to change vendors later.