Biometrics: The Cure for Bad Passwords?

• in categories: advice • by: Michelle Balestrat

If you’ve purchased a mobile device or laptop within the last two or three years, chances are it includes some form of biometric scanner. Some people are understandably hostile towards this industry move, with concerns that it might be used for more nefarious data collection purposes.

However, due to the novelty of biometric scanners included in consumer devices, mystery and misinformation seem abundant.

In reality, using a biometric scanner can provide a very easy way to increase the security of a device when compared to other methods. Read on to find out why biometrics might be the new security saving grace.

## An Answer to the Tradeoff? ##

It’s not so often that adding a layer of security actually makes it easier to log in. As we’ve seen with other security measures such as Two Factor Authentication, an extra layer can mean the difference between an easy target for hackers versus a very difficult prospect indeed.

However, second layers of security usually come at great expense to login time – in the case of accessing services, this can mean a painful process with code-generating apps, waiting for SMSes to appear on your phone, or digging through your email for a referral code every time you log in. For devices, it often means an intimidatingly long passcode, typed in every time you pick up your device… ouch.

Uniquely, biometric scanners allow you to simply swipe or tap to gain access to your device. This, in turn, can free you to create a much stronger PIN or lock password, as you’ll no longer need to hammer it in every time. The average person accesses their phone a whopping 46 times a day… so that’s a lot of rescued time!

Given this benefit, you can afford to drastically shorten your device’s lockout time. This can help prevent interception by unwanted parties if you leave your device unattended – while a default 30 seconds might seem small, it’s just enough time for a nimble interceptor to quickly grab the device and begin using it. A 10-second lockout, however, is going to require a far more agile attacker!

## Growing Support… and Concern ##

Many online services (like some password managers or online banking) now also support biometrics, so you can simply use your fingerprint to gain access while using a biometric-enabled device.

With this simplicity comes concern about the very real privacy implications of this tech. Previously kept only by law enforcement, your fingerprint is a key part of your identity. Unlike a leaked password, it can’t be changed – leading to worrying amounts of responsibility resting on the shoulders of online services choosing to allow biometric logon.

For now, the compromise we’re seeing on most mobile devices is that biometric data stays encrypted locally on the device itself – much like a local encryption key used by many password managers. This means that your fingerprint or face unlock data is never sent over any network and resides securely on your phone.

Apps can take advantage of this by having you log in via their online portal only once using your password, then keeping the unlocked app paused in the background. When you next feel like using the app, you’ll only need your fingerprint to do so; however, the app and its developers remain blissfully unaware of your biometric data.

This provides the convenience of using your fingerprint to unlock cloud or online services without the risk of actually sending out your personal data. If this is an acceptable middle-ground for you, then it’s very likely that your security can only benefit greatly from adding a biometric logon.

As with all security matters, it’s best to know yourself. Are you prone to leaving your phone, tablet or laptop without a passcode for easy access? Do you access your device non-stop throughout the day? Are you a frequent user of online banking on your device?

If so, then going biometric might allow you to add a sustainable security boost to your mobile device.
