The Pros and Cons of Biometric Passwords

The world of biometrics is constantly changing. Three years ago, it was all about fingerprint recognition. Now, it looks like facial recognition will be the next big thing.

Facebook users may soon be able to use facial recognition to regain access to their accounts after locking themselves out, while the iPhone X and Samsung Note 8 both offer the technology for unlocking the device. Whether you’re using your face, fingerprint, voice or signature to access your device or data, it’s key to understand the risks so you can protect against them.

The pros of biometric passwords

The main benefit of biometrics is that they are very difficult to steal or replicate. Your fingerprints, irises and voice have unique patterns and qualities. Even the way you sign your name cannot be easily copied, as everyone writes with different speeds and pressures.

Another benefit of biometric passwords is that they are so quick to use. While keeping your passwords secure can involve creating increasingly complicated combinations of letters and numbers, biometric technology recognises your face, fingerprint or voice almost instantly.

The cons of biometric passwords

It is not impossible to steal or replicate a person’s fingerprint, face, voice or signature. In fact, a group of researchers did manage to trick the facial recognition on older Windows devices and a Samsung phone with a photo.

Also, while fingerprint, facial and voice recognition technologies have been adapted for ease of use, iris scanners are still expensive and can be tricky to use. If you move slightly while the scanner is working, or stand too far away from it, the technology may not work.

How can small businesses use biometrics safely?

Using both passwords and biometrics on your device is a sensible option, providing multiple layers of defence. Here are just a few tips for optimising your equipment and data security:

Implement multi-factor authentication – as well as setting a password or fingerprint on a laptop or iPad, set up your systems so that a code or second fingerprint needs to be entered via mobile phone. The user needs to be in possession of the correct phone to gain access.

Create a super-strong password for office computers – rather than having to keep changing your passwords for office computers (and writing them down because you have so many), set a complicated one from the start.

Use different passwords for all your social media and private accounts – this will limit the damage a hacker can do. These passwords should be complex and changed every six months. Cybersecurity thought leader Joseph Steinberg offers some really useful tips in his blog post ‘How to create strong passwords that you can easily remember’.