What Do Passwords and 2FA Have In Common?

Soon, They’ll Both Be Obsolete as Biometrics Enter the Mainstream

Google recently announced plans to replace digital passwords with biometrics using their “Trust API” system. Trust API monitors location, speed, voice, and typing patterns, so devices can “learn” about their owners and how their owners operate.

Consumers appear to be fully on board. According to the latest research, more than 80% of all users are open to biometric authentication, believing it to be more secure than traditional username/password combinations. With hackers easily and persistently using brute force methods and modern graphics cards to crack passwords, biometrics seems to present a more secure alternative.

Consumers are understandably weary of other alternatives to password and usernames since even secret question/answer combinations used as extra security can be purchase online these days. Google is answering the call for more security by utilizing biometrics, with the goal that identification methods become not just more secure — but also easier and more convenient for customers. With biometrics as an industry expected to reach $21.9 billion by 2020, this seems like a pretty solid business move on Google’s part.

What Is Google Trust API?

Trust API is Google’s biometrics solution, and it was first introduced last year as “Project Abacus.” The goal of Abacus was to get rid of passwords by using a collection of identity indicators and sensors on the Android smartphone. On the Android device, Trust API monitors your location, the way you type, and the way you move, including how you swipe your screen, to name just a few. It also monitors facial and voice recognition — and then analyzes all the data to produce a “Trust” score, which indicates how likely the user of the smartphone is actually the authorized party or owner of the device.

That’s about all Google has revealed about Trust API at this point, and, as of August 2016, the tech giant is beta testing its methodology with large, security-conscious financial institutions. If the testing goes well, Trust API will be available to Android developers and consumers by the end of this year. With Android holding about 81% of the market share over Apple and other smartphone manufacturers, this means that biometrics will enter not just the mainstream — biometrics users will be in the majority.

Biometrics Technology Goes Beyond Smartphones

• MasterCard is testing an app that uses selfies to analyze and confirm identity before authorizing purchases online — and they are working with a third-party developer on a heart-beat monitoring bracelet. Financial institutions in Europe and Canada will be the first to get this technology.
• Banks are on the forefront of biometrics technology — Wells-Fargo has already invested in iris-scanning technology for their online banking app.
• While iris-scanning technology is pretty well known, ear canal scans are less so. Since everyone’s ear canals — and the sound that resonates within them — are unique, Japan’s NEC Corporation has begun capturing sound-resonating data with special identity earbuds that produce a 99% identity accuracy rate.
• The way you walk — also known as your “gait” — can be visually analyzed as yet another biometrics indicator. Technology using sensors to analyze our walking style will likely be available in the near future.

Though It’s More Secure, Biometrics is Not Bulletproof

• Bio-data theft is possible. Like anything else in tech, biometrics has the potential for serious security flaws. Hackers can take photos of a user’s face or swipe fingerprints off a glass at a restaurant — and then manipulate and reproduce those indicators to gain full access to your smartphone and other online apps. Since you can change your passwords — but not your fingertips or iris scans — once your bio-data is hacked, you’re pretty much compromised forever.
• Constant monitoring is creepy. Many users are uncomfortable with the idea that their every move is being monitored — even if only by their smartphone. The wealth of user information produced by this technology will be enormously valuable to both legitimate business, the government, and the dark web–making users even more vulnerable to attack.

How Can Biometrics Help Business in the Future?

• Increased registration with increased confidence. Customers might be more willing to give up their personal data if they are more confident it’s secure.
• Data and insights abound. The amount of information you’ll be able to learn about your customers — and how you can better serve them — is truly mind-blowing.
• Better security is possible. Biometrics done right could lead to fewer cybersecurity issues like incidents and data breaches.

{company} is your local IT security expert, helping businesses of all sizes keep their data secure and their businesses up-and-running. If you’re interested in learning more about the biometrics technology that might be available to your business, contact us at {phone} or send us an email at {email} for more information.