Will We Live to See the Death of the Password?

Marie Austenaa, Vice President and Head of Personal Data & Mobile Identity, GSMA answers questions about why consumers and companies are turning to biometrics, challenges with adoption and the potential impact it could have on retail and payment sectors.


Why are more and more consumers and companies looking to biometric authentication?

The ubiquitous use of mobile devices and the inclusion of digital sensors – touch screens, cameras, microphones and GPS mean the expectation around how these devices can and should be used are changing.

While PINs and passwords are still the most widely used method of authentication, research by IBM showed that on average users can only type at six words per minute on a mobile device – making password entry a  time-intensive and painful task, along with having to remember the correct password in the first place.

Mobile phones are becoming smarter and faster, making biometric authentication a very real and safe alternative to having to manually enter a password via mobile. Take up of the iPhone Passcode mechanism has increased dramatically now that users can use their fingerprint instead of setting up a passcode, whether users accept this as being sufficiently secure way to authorise a financial transaction remains to be seen. Samsung and PayPal probably have the best data on this given their tie-up around the use of the Galaxy 5 fingerprint sensor for PayPal purchases but have not released any data so far (Although apparently there have been 1 million+ activations).

Biometric technologies are becoming increasingly accessible and free through the use of mobile and offer users higher levels of assurance compared to standard PIN entry – as evidenced by Apple’s Touch ID solution – but their use must be sensitively managed.


What are the different types of biometric authentication available? How do they differ and which work best?

Today the most commonly used examples of biometric authentication are fingerprint, voice and face recognition.

Biometrics, including voice and face, compliment both apps and mobile devices as they offer consumers and companies an additional choice, control and reassurance over how they authenticate themselves using mobile devices, whether it’s to make a payment, retrieve a coupon or register for a new service.

Research from IBM found that speaking a PIN, voice recognition, was the fastest for biometric entry. Furthermore, the research found that face and voice recognition are fast, but these methods need to check that you’re alive, waiting for you to blink several times, and are not universally usable, and that gestures, such as the use of the Android screen lock pattern, were the most reliable and worked for everyone – though shorter gestures would be needed to cut down the time needed to complete authentication overall.


What are the biggest challenges facing companies looking to use this technology?

There are two main but distinctly different challenges when it comes to biometric authentication.

The first has to do with environment. Unlike passwords or PINs, using a mobile device to take a picture to identify facial features or recognise a voice requires a well-lit space that is free of motion and vibration or white noise. Researchers are also still looking at how multiple biometric factors can be used in these instances to accommodate and/or compensate for one poor biometric reading.

The other challenge lies with interoperability and standardisation of how biometric data should and can be used. Mobile identity management services are of little or no value unless service providers – third party website operators and app developers initially – actively want to deploy them within the context of their services.

At present too few third parties recognise the benefits of mobile identity management solutions and arguably not enough has been done to persuade them otherwise. The key to success will be the adoption of standards and the creation of interoperability and industrywide standards that provide guidelines for how companies and brands use biometric data for authentication purposes – this is now being delivered by the FIDO Alliance.

How will biometric authentication impact transactions, payment and retail in the next five years?

Biometrics will not solely revolutionise retail. However, it does stand to impact how consumers and companies look at multiple factor authentications, which provide additional security layers compared to standard methods of authentication.

In most cases it combines something consumers know, such as a passcode or username, with something they have, like my mobile phone or SIM, and ‘Something I am’, such as biometric information – voice, gesture or facial recognition.

The common trend is toward user convenience and this can be achieved through the introduction of new mechanisms such as the mobile phone, the optional use of the fingerprint sensors and moreover through the utilisation of the above mentioned multiple authentication factors.

The mobile phone/SIM card is something consumers have but it can also be something they are. For example it can hold information such as location, a behavioural profile or simple biometric information such as fingerprint scan or voice recognition.

Since the user needs to have possession and control of the mobile phone (phone + fingerprint sensor or phone + secret (PIN) it offers a more secure option to consumers than simply a username and password.


IDG Connect has published a series of global commentary around biometrics:


« C-Suite Career Advice: Nancy Treaster, SVP and GM, Verint Systems


Unify's 'iPhone for Conferencing' Ansible Due Next Month »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail


Do you think your smartphone is making you a workaholic?