Is fingerprint authentication more secure than passwords?
Feb 29, 2016
Fingerprint-based authentication on mobile devices has many advantages. It is easy and fast to use and provides a great alternative to typing passwords. But is it also more secure than passwords? After all, it is a biometric technology, and biometric technologies are considered the most secure way of authentication, right?

The problem with passwords is that they're easy to steal and sometimes easy to guess. The chance that two fingerprints look alike to the fingerprint reader is around 1:50,000, which is pretty good, and stealing someone's fingerprint and building a fake finger is much harder than stealing a password. So from that perspective, it is much more secure than a password.

However, to really answer the question, we need to look at how banks and enterprises use fingerprint authentication with their mobile users. The way this usually works is that the user downloads the mobile app, logs in with a username and password, and then opts in to fingerprint authentication. From this moment on, the user can log in to the app using a finger instead of a password. However, fingerprint authentication data always remains local on the device. This means that when the user buys a new mobile device and downloads the app again, the app has no way of using the fingerprint data that was collected by the previous device. Therefore, the app must authenticate the user again with a password and only then re-enroll the user for fingerprint authentication on the new device.

The problem here is simple. Fraudsters can continue stealing passwords from users and use these passwords to log in on behalf of the victim from new devices. When this happens, the business has no easy way of knowing whether this is a fraudster who stole login credentials or a legitimate user who has switched devices.

The conclusion is that it is the implementation of fingerprint authentication that determines whether it is more secure than a password or not. It's probably only as secure as a password as long as passwords are still being used to enrol fingerprint authentication and can be as easily stolen.

Banks and enterprises who want to improve security using biometrics and also keep the usability advantages of fingerprint authentication need to look at an array of authentication techniques, some visible and some not, and have a smart way of knowing what to trigger when, in order to keep a high level of assurance in the user's identity across devices.
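The enrollment flow described above, modelled as an added example (not code from the original post): it shows that password-gated enrollment accepts any new device whose holder knows the password, and how requiring an extra check on a device change closes that path. The names `AuthServer`, `enroll_device` and `step_up_passed` are hypothetical, and an HMAC over a per-device key stands in for whatever the phone releases after a local fingerprint match.

```python
import hashlib, hmac, secrets
# Constructed model; all names and the sample password are illustrative assumptions.

def device_proof(key, nonce):
    # Stands in for the device using its key after a local fingerprint match.
    return hmac.new(key, nonce, hashlib.sha256).digest()

class AuthServer:
    def __init__(self, step_up_on_device_change):
        self.step_up_on_device_change = step_up_on_device_change
        self.pw = {}       # user -> (salt, PBKDF2 hash)
        self.devices = {}  # (user, device_id) -> device-bound key

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.pw[user] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))

    def _password_ok(self, user, password):
        if user not in self.pw:
            return False
        salt, stored = self.pw[user]
        guess = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(stored, guess)

    def enroll_device(self, user, password, device_id, step_up_passed=False):
        """Password login followed by fingerprint opt-in; returns the device key or None."""
        if not self._password_ok(user, password):
            return None
        device_change = any(u == user and d != device_id for u, d in self.devices)
        if device_change and self.step_up_on_device_change and not step_up_passed:
            return None  # password alone is not enough to add another device
        key = secrets.token_bytes(32)
        self.devices[(user, device_id)] = key
        return key

    def fingerprint_login(self, user, device_id, nonce, proof):
        key = self.devices.get((user, device_id))
        return key is not None and hmac.compare_digest(device_proof(key, nonce), proof)

def scenario(step_up_on_device_change):
    server = AuthServer(step_up_on_device_change)
    server.register("alice", "constructed-password")
    key = server.enroll_device("alice", "constructed-password", "phone-1")
    nonce = secrets.token_bytes(16)
    victim_ok = server.fingerprint_login("alice", "phone-1", nonce, device_proof(key, nonce))
    # Someone holding only the stolen password enrolls from a device never seen before.
    stolen = server.enroll_device("alice", "constructed-password", "unknown-device")
    # The real user switching phones also completes the assumed extra check.
    switch = server.enroll_device("alice", "constructed-password", "phone-2", step_up_passed=True)
    return victim_ok, stolen is not None, switch is not None
```

`scenario(False)` returns `(True, True, True)`, while `scenario(True)` returns `(True, False, True)`: the legitimate device switch still succeeds, but the password by itself no longer enrolls a new device.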