Beyond passwords and 2FA: The evolution of authentication technology – Science & Tech

The demand for biometrics in today’s society is currently growing. A more reliable authentication system that prioritizes user experience is not just a want, but a need.

Businesses from various sectors, including health and insurance, financial services and education, are searching for ways to allow their customers to access accounts as conveniently and securely as possible.

Throughout the years, technology has evolved to fit our needs. With each advancement, we find new elements we can build upon to improve the system. From the traditional personal identification number (PIN) and password system, we’ve realized that hackers can obtain users’ information to disguise themselves and gain access.

Several techniques have been employed in an effort to eliminate fraud by adding an extra layer to one’s PIN or password. An example of this is asking knowledge-based questions requiring personal responses that presumably only the user will know. Another technique involves requiring users to change their PIN or password periodically at predetermined times.

These refinements present significant flaws. Security questions, just like PIN codes or passwords, can be obtained by hackers, especially if the user writes down the information by hand or somewhere online. Changing a PIN or password regularly is burdensome for users and often creates confusion, as there is even more to remember, leading people to write them down somewhere.

Another alternative is implementing multi-factor authentication (MFA), an extra layer we include as an added form of security on top of the traditional system. In essence, to more strongly identify an individual, MFA includes three factors: something you know (all the methods discussed thus far), something you have and something you are.

The most widely-used extra layer today is the one-time password (OTP) – where a code is sent to a user’s registered email or phone – an example of something a user would have. This layer provides us with more confidence that the attempted login originates from someone who also has access to the user’s contact information. However, this raises other security concerns: What if the user does not have access to their phone or email at that time? What if the user’s email gets hacked? What if the user has lost their phone?

A more recent alternative, also used in MFA, is fingerprint authentication. This use of biometrics provides a means of recognition tied to “something you are”.

Fingerprint authentication has been commonly utilized in banks and large institutions, including law enforcement. Although this method seems to be a breakthrough in the world of authentication, user experience has shown it also presents significant limitations; it requires specialized machinery and is therefore costlier, and it fails to include the entire population. Blue-collar workers whose fingerprints might not be viable for recognition would be unable to use the system. A hairstylist’s fingerprints, for example, may not be as distinct for verification because they are regularly exposed to hair-care chemicals.

According to a survey, white-collar workers, too, have difficulty clocking in at work using their fingerprints. Therefore, we need a better solution that does not require a special machine, that is user-friendly, and that is inclusive – one that anyone can use, regardless of their age, gender or race – while also providing the highest level of security.

Facial recognition may provide the solution, as it relies on facial features to recognize a user’s identity with just their phone camera – without any additional device required.

Unlike fingerprints, which are unreliable at times, your face is a modality that you can rely on. (kes)

***

Rizki is the head of Indonesia for Element Inc, a biometric AI startup aiming to help build more efficient and inclusive societies.