Copywriter, Informa Markets

September 22, 2020

Sign up to free email newsletters


The Video Surveillance Report 2022

London Tech Week

How breakthroughs in privacy-enhancing technologies enable the future of biometric authentication

Biometrics-FacialRecognition-20The first virtual London Tech Week took place in early September, providing attendees with unmissable content from a range of experts discussing the latest innovations in tech and its impact on businesses. Security featured in several discussions, including in one seminar where Fabian Eberle explored how breakthroughs in privacy-enhancing technologies were enabling the future of biometric authentication. Olaf Jensen reports.

Passwords have been around for around 60 years, but they no longer provide the protection from cyberthreats they once did, and new alternatives have emerged that may yet supplant them.

Indeed, Fabian Eberle, COO and Founder of cybersecurity firm Keyless speaking at London Tech Week’s digital conference earlier this month, sees it as an ambition to eliminate the humble password. He can do this, he says, through a combination of machine learning and multimodal biometric authentication that he believes will revolutionise how people are identified and authenticated.

The need to replace passwords is particularly pressing because they are notoriously insecure. It may come as no surprise that an astonishing 2.3 billion credentials were stolen by hackers and cybercriminals in 2017 alone.

Why? Because nobody follows best practice when it comes to password security. Even IT leaders are not immune: around 55% of them reuse the same password across multiple services – in fact, 51% of all passwords are reused. All this means that around half of all helpdesk calls are for password resets, and passwords cause approximately 80% of all data breaches.

What are the alternatives to the password?

There are typically three factors of authentication used today: inherence, such as physical characteristics used in biometric security like our face or fingerprints; possession, as in something we carry that generates a pin code; and knowledge, which covers anything we have to remember like a PIN or a password.

Each has benefits and drawbacks. For instance, while passwords are quite secure in theory, remembering them can be difficult and once they are compromised, they offer no additional security, and a centralised database of passwords attracts the attention of hackers. Biometrics, meanwhile, are unique to us, meaning there’s nothing for us to forget, but it is sensitive data and storing it is a burden for businesses – they also cannot be changed.

The main challenge is to balance the trade-off between security and privacy on one hand, and convenience and user experience on the other. Which of these matters most is extremely dependent on context: users consistently rank security above convenience when it comes to, for instance, a banking app, while prioritising convenience for social media.

What does the future hold?

COVID-19 has arguably highlighted the need for what Eberle calls a “password-less paradigm”. Greater digitalisation and an increasingly mobile or homeworking workforce has made the password more cumbersome. Indeed, data suggests that the average worker spends around 24 hours entering passwords each year.

Biometric security is set to play a big role. A demand for a better customer experience, the growing threat of cyberfraud – there has been a 600% rise in phishing attacks during the coronavirus pandemic – and more stringent data protection regulations such as GDPR have driven the adoption of biometric authentication. It’s convenient, already familiar from our smartphones, and requires the use of something we always carry around with us, such as our face and fingerprints. But it’s not fool proof, and still needs an extra layer of protection.

The solution, explains Eberle, is to combine multiple authentication factors, such as a one-time, generated pin code and a fingerprint scan. This is known as “two-factor authentication” and is increasingly recommended to individuals as well as businesses as the best line of defence against cybercriminals. To Eberle, multi-factor security should be baked into a system by design.

Eberle’s Keyless software is just one of a new generation of security providers that combine multiple security measures. In this case, that means machine learning, cryptography and biometrics. It lacks a centralised database, making it less of a target for hackers, and features anti-spoofing software that means photographs won’t fool the biometric sensor. In the future, the system may even measure behavioural characteristics such as keystrokes or the precise way the user holds their phone.

A greater consumer awareness of privacy and security means firms will increasingly seek to give users personal control over their data. Services like Keyless are the start of that process, because they do not centralise control of their users’ data in one place. But the humble password, stored centrally or dependent on the user’s memory, may have no place in that future.

Find out more about the topics under discussion at London Tech Week.

Subscribe to the IFSEC Insider weekly newsletters

Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Insider's essential weekly newsletters. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.

Sign up now!

man reading a tablet, probably the IFSEC Global newsletter

Related Topics

Notify of
Inline Feedbacks
View all comments