Biometrics To Replace Passwords Is A Bad Idea [Opinion]

Last week I opened up my inbox to find a new email from LinkedIn Security. “Reset your LinkedIn password” read the subject line. When I clicked it open somewhat suspiciously, this line jumped out at me. “We’ve recently noticed a potential risk to your LinkedIn account coming from outside LinkedIn. Just to be safe, you’ll need to reset your password the next time you log in.”

I’d known that a list of 117m LinkedIn usernames and passwords had turned up for sale on the dark web, but to me it was an abstraction.

I’ve written about cybersecurity hacks and the implications of data leaks, but the consequences only hit home when this happens to you. And it’s very likely to happen (or to have already happened) to each of you sooner or later.

As a whole, we are failing miserably at even basic security measures: everyone from large corporations to well-informed individuals falls prey to novice password errors.

We should be using password manager apps that randomly generate passwords stored in an encrypted file, but that’s not how most of us manage our online lives. Instead we resort to easily remembered keys, which are rendered inherently useless because they can be easily guessed.

Increasingly, it seems that passwords are going to be replaced by…you. Your face, your fingerprints, your iris, even your heartbeat will authenticate your entry into the digital world.

According to the Biometric Research Group, 650m people used biometrics to operate their mobile phones at the end of 2015. By 2020, the number of biometric smartphone users will be at 2bn and growing. In fact, Europe’s new data protection regulation for businesses, the GDPR, includes clauses relating to how genetic and biometric data must be treated, foreshadowing their widespread use.

We can’t stop the sweeping changes, but we’d better watch out: relying fully on biometrics is a bad idea. Not only is it inconvenient – people tend to share accounts and devices with others, making unique biometrics a hindrance – but it could also be genuinely dangerous.

Today, most of us are still struggling with a copious number of passwords. So we use memorable phrases, words and numbers. For instance, the LinkedIn data showed that “123456” was the most popular password, apparently used by 1.1m users, while “linkedin” came in second with 172,523 instances of use.

Evidence of this ridiculous habit is bolstered by a separate study from January which found that “123456”, “qwerty” and even “password” were among the most commonly used passwords on the internet.

Another way we cope is by reusing the same (perhaps highly secure) password for multiple accounts. I myself had to backtrack and change the locks on several digital doors after the LinkedIn warning because of my rash password reuse. Research has found that hackers have successfully accessed victims’ other online accounts by reusing the victims’ passwords.
