Visa conducted a survey in Europe, from which it learned that people trust fingerprint authentication far more than they do iris or face recognition, or other forms of biometric authentication. The survey also seems to show that banks are trusted much more than governments when it comes to storing biometric data.
Europeans Warming Up To Biometric Authentication
According to Visa’s recent study on biometric authentication, 42% of Europeans believe that biometric authentication would eliminate the need to remember multiple passwords for various services. Perhaps not surprisingly, those over the age of 65 believe this even more strongly, with 48% saying they would prefer biometric authentication over passwords.
As we see here, a minority of respondents prefer biometrics, but this could be influenced by the fact that biometric authentication is still a relatively new thing in the consumer space. If some have never used any form of biometric authentication before, then they may tend to shy away from it and stick to what they know.
The study found that 51% of respondents would prefer biometric authentication for online payments, as that would make paying for products more convenient. The number increased to 62% for young people between 18 and 24 years old.
Fingerprint Authentication Preferred Over Other Biometrics
When asked which form of biometric authentication they prefer between fingerprint, iris, face, voice, and behavioral recognition, 53% said they they prefer fingerprint authentication. Only 23% said they’d prefer iris scanning, and even fewer said they would prefer face recognition (15%), voice recognition (12%), or behavioral biometrics (10%). Fingerprint authentication seems to be a rather clear choice for now as an alternative to passwords.
Despite the fact that face authentication methods are just as widely available as fingerprint recognition (Android has supported it since version 4.0, for instance), few people seem to trust it. That’s probably because basic face recognition systems seem to be tricked much more easily than fingerprint systems, and with with much less work.
Even the most advanced face recognition systems don’t seem to keep up with new attacks against them. When people have thousands of photos of themselves publicly available these days, it’s only a matter of time before this type of system is defeated by more sophisticated attacks and algorithms.
Voice recognition systems are naturally trusted even less, because everyone talks on the phone, and calls can be just as easily intercepted and voices replicated.
Fingerprint Authentication Optimal, But Not Ideal
Fingerprint systems are definitely not immune to attacks, which is why we’re beginning to see systems that check for parameters such as the liveliness of the finger or by taking a 3D ultrasonic image of the fingerprint.
Fingerprints should be much harder to replicate than other forms of biometric authentication, but it’s probably also just a matter of time before attackers catch up. That’s why it’s important for companies offering products or services with fingerprint authentication to frequently upgrade them.
Even though fingerprint replication is difficult, there’s still the issue of fingerprint data being stolen from devices. Apple, to its credit, doesn’t store the fingerprint data (opens in new tab) on the device--only a cryptographic hash of it. Then when the user tries to unlock the device, the fingerprint is checked against that hash. That’s probably not happening everywhere, though.
Governments, especially, tend to store fingerprint data, and going by how these databases tend to be stolen, people naturally tend to distrust the government with sensitive information. The Visa study found the same thing, showing that people trust banks (57%) much more with their fingerprint data than they do governments (33%). However, people also need to keep in mind that governments can request fingerprint information from local banks at any time.
Biometrics With Two-Factor Authentication Most Secure Method
The most secure method of biometric authentication should be one that involves both biometrics and some PIN or password. The Visa survey found that 73% of Europeans see biometric authentication used in conjunction with another authentication method as a secure method to confirm an account holder.
This makes sense, because if you’re using the fingerprint and a password to authenticate to a service, then both would have to be stolen by an attacker. The idea is similar to using a password and a verification code, a feature that’s increasingly more available to online services. Two authentication factors should always trump using just one, assuming they are both relatively strong on their own.