Biometric Authentication is Coming. But is it Enough?

September 12, 2016

Blog

Gautam Hazari, Technical Director, Personal Data, GSMA

The Internet of Things (IoT) will transform a great many facets of daily life. One casualty of this coming change which tends to go unnoticed, however, will be the traditional username-and-password method of online authentication.  The advent of the IoT will quickly render that present norm outdated.

The coming proliferation of new connection points, and consequent multiplicity of new security checks, will leave that solution cumbersome; there simply will be too many logins for anyone to remember a username and password for each. A natural replacement is already stepping into the breach: biometric authentication, whereby users verify their identity by presenting a part of their own body such as a fingerprint.

Few can now doubt that biometric authentication is set to expand vastly over the next decade. By 2020, for example, the number of biometric smartphones is expected to increase tenfold to two billion.

Market research shows that consumers anticipate the added convenience biometric solutions can offer in transactions, and want to see their adoption. According to a survey conducted by Visa, more than two thirds of Europeans are interested in using biometric authentication while making payments. The evidence also confirms, however, that consumers do not wholly trust the security credentials of biometric authentication, and prefer to see it integrated with other security measures than as a standalone method of verification.

These are not merely cautious instincts over a nascent technology. Reservations over the safety of biometric authentication are well-founded. At a glance the technology may seem foolproof, resting on such unique and complex personal identifiers as an iris.

However, biometric credentials are not secret. Hackers are already devising ways of obtaining and replicating the information from different sources. For example, fingerprints can be obtained in various ways, and unlike usernames and passwords, when that information is stolen it cannot be changed.

Once the security of biometric data is compromised, it stays compromised; it cannot therefore be relied upon on its own. The security of biometric data can be improved by being used in tokenised form but as David Emm, principal security researcher at IT security company Kaspersky puts it, the future of security is in “combining more than one item from something you know, something you have and something you are to verify your identity.”

It is therefore imperative that the sector provide consumers with what they demand: an additional means of authentication to allay security concerns over biometrics, but without the added inconvenience of usernames and passwords.

Mobile Connect does precisely that. By using the possession of the mobile device as the first factor and then allowing users to verify their identity biometrically as a second factor; and they need no longer concern themselves with details to remember – nor the potential for stolen data to compromise their accounts. These technologies should not be seen as competitors for the same market; they are natural and effective collaborators in the security landscape of the near future.

Back

MWCA Mobile Connect Seminar Presentations The Mobile Connect Seminar at the 2017 Mobile World Congress Americas was designed for operators and digital service providers looking to offer secure identity services to their...

Read more | See all Identity Resources

Operator cooperation in South Korea has created a successful identity To ensure broad service provider adoption, SKT and the other Korean operators realised that they needed to offer a single identity solution with full market coverage, and subsequ...

Read more | See all Identity Resources

Driving Mobile Connect Usage – Turkcell Looking to improve its customers’ experience and further differentiate its proposition, Turkcell launched Mobile Connect initially on its self-care mobile application and websi...

Read more | See all Identity Resources

Mobile Connect London Summit: Presentations Taking place on the 25th and 26th April, the Mobile Connect London Summit was a forum for leading figures in the wider mobile industry to debate the most pressing issues in the...

Read more | See all Identity Resources

The PSD2 Opportunity: Mobile Operators and Fintech This paper discusses the opportunities relating to the partnership between mobile network operators and fintech companies, and how both parties can benefit from each others&#...

Read more | See all Identity Resources

SK Telecom: Integrating Existing Identity Solutions into Mobile Connec In December 2016, SKT adapted both T-Auth and T-ID to comply with the Mobile Connect specifications. The goal was to make it easier for international customers to use SKT’s app...

Read more | See all Identity Resources

Tapping into Asia’s Blossoming Digital Identity Market – Next Asia’s digital economy is growing at a remarkable pace. Recent research shows that, over the last year alone, the number of digital consumers in Southeast Asia rose by 50 per c...

Read more | Visit Identity Blog

Operators Taking the Lead in Digital Identity Consumers are increasingly tired of usernames and passwords. As the variety of online purchases made by the average person has increased, so has the number of different login det...

Read more | Visit Identity Blog

Implanted Microchips: a Bridge too far David Pollington, Technical Director, GSMA Among the more striking items in technology news last month was the announcement by Three Square Market, a company in Wisconsin that i...

Read more | Visit Identity Blog

US Operators Join Forces on Authentication Mobile network operators are taking the lead in identity authentication.  It was announced last week that the four largest operators in the United States – AT&T, Sprint, T...

Read more | Visit Identity Blog

3 Reasons to Attend MWCA’s Identity Seminar Whilst digital technology has stimulated the growth of new and innovative services across practically every sector in the, service providers have yet to fully capitalise on this ...

Read more | Visit Identity Blog

Could UK’s Planned GDPR Implementation Signal Global Trend? In 2017, the UK Government announced its plans to introduce new legislation that will give citizens greater control of their personal data. The legislation will expand on existin...

Read more | Visit Identity Blog

Digital Single Market Workshop at the European Commission November 29, 2017 Principles and guidance on eID interoperability for online platforms – finalisation and way ahead Register Now This workshop aims to discuss and finalise, together with sta...

Read more | See all Identity Events

Future of Payments Conference December 05, 2017 Register Now To round off the European payments year, Vendorcom is taking a look at some of the most strategic questions confronting solutions providers, service users, end users...

Read more | See all Identity Events

Contact GSMA Legal Email Preference Centre Copyright © 2017 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.