Using a password or a PIN when signing into mobile phones and laptops is quickly becoming a thing of the past, according to a recent report.
At present, fingerprint scanners and facial recognition, which are examples of physiological biometric technology, are becoming more common.
Some of the obvious benefits when using physiological biometrics over passwords are convenience and security.
Passwords can be difficult to remember, especially when a user must maintain multiple passwords for a growing number of digital accounts.
Meanwhile, it would be hard for users to forget their fingerprints or face.
There are distinct security advantages to using something that is a unique part of the user, rather than something they must recall from memory.
However, irises, fingerprints and other human subtleties may be unique, but they are not incorruptible. Physiological biometric technologies are easier to hack than many people think.
Different techniques have been used by hackers to fool scanners and these involve duplicating biometrics.
A researcher from Yokohama National University, for instance, was able to create a graphite mould from a picture of a latent fingerprint on a wine glass.
Then there is the Chaos Computer Club, a hacking collective based in Berlin. They were able to deceive an iris-scanning technology with a dummy eye that was created from a photo print.
The fact that many of these biometric technologies can be hacked so easily is troubling but expected.
There is a risk that personal or professional accounts will be compromised when hackers get control of biometric data.
Biometrics measures similarity and not identity. That is why a biometric match represents a probability of correct recognition.
While individuals can create new passwords for their accounts, humans cannot change their retinae or fingerprints.
A stronger way to prevent such attacks is to move towards using behavioural biometrics. Examples of such are keystroke dynamics or mouse movement analysis.
Each user has an idiosyncratic pattern of behaviour, even when performing identical actions, such as typing or moving a mouse.
Thus, behavioural biometrics is much harder to steal or imitate than physiological biometrics.
Artificial intelligence (AI) can learn and analyse these behavioural characteristics to identify inconsistent tendencies quickly and autonomously.
Behavioural biometrics can track several tendencies or habits. A hacker is likely to behave differently than the targeted user.
When enough anomalies exist, the security system raises an instant alert for the security team and helps them investigate the incident.
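The keystroke-dynamics monitoring described above, as an added example that is not from the report: it compares dwell and flight times against an enrolled profile and raises an alert only once enough recent samples look anomalous. The function names, thresholds and timing data are assumptions constructed for illustration, and a simple statistical distance stands in for a learned AI model.

```python
from collections import deque
from statistics import mean, stdev

def typed(word, dwell_ms, gap_ms):
    """Build constructed (key, press_ms, release_ms) events for one typing sample."""
    events, t = [], 0
    for key in word:
        events.append((key, t, t + dwell_ms))
        t += dwell_ms + gap_ms
    return events

def features(events):
    """Dwell time of each key, then flight time between consecutive keys."""
    dwell = [release - press for _, press, release in events]
    flight = [b[1] - a[2] for a, b in zip(events, events[1:])]
    return dwell + flight

def enroll(samples):
    """Per-feature (mean, std) over enrolment samples; std floored at 1 ms."""
    columns = zip(*(features(s) for s in samples))
    return [(mean(c), max(stdev(c), 1.0)) for c in columns]

def score(profile, events):
    """Mean absolute z-score: a measure of similarity, not proof of identity."""
    return mean(abs(x - m) / s for x, (m, s) in zip(features(events), profile))

class Monitor:
    """Alert once `needed` of the last `window` samples exceed `threshold`."""
    def __init__(self, profile, threshold=3.0, window=5, needed=3):
        self.profile, self.threshold, self.needed = profile, threshold, needed
        self.recent = deque(maxlen=window)

    def observe(self, events):
        self.recent.append(score(self.profile, events) > self.threshold)
        return sum(self.recent) >= self.needed

# Constructed enrolment data: the same word typed four times by the account owner.
PROFILE = enroll([typed("pass", d, g) for d, g in [(90, 60), (95, 55), (88, 62), (92, 58)]])
OWNER = typed("pass", 91, 59)       # constructed: close to the enrolled rhythm
INTRUDER = typed("pass", 140, 20)   # constructed: same keys, different rhythm

if __name__ == "__main__":
    monitor = Monitor(PROFILE)
    for label, sample in [("owner", OWNER)] + [("intruder", INTRUDER)] * 3:
        print(label, round(score(PROFILE, sample), 2), "alert:", monitor.observe(sample))
```

Requiring several anomalous samples within a window, rather than alerting on one, keeps a single unusual typing burst by the legitimate user from paging the security team.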
Although physiological biometrics is user-friendly, it is not truly safe.
Fingerprint recognition on phones typically takes multiple images of a finger so it can find a match quickly. A truly safe physiological biometric authentication takes longer, more like 10 seconds.
Behavioural biometrics is the ultimate customer experience security measure. Keystroke dynamics and mouse movement analysis help identify breaches and serve as continuous biometric authentication.
These behaviours can be continuously monitored and verified without interrupting the user experience.
Building biometrics into the security ecosystem helps in reducing the number of stolen user credentials. Criminals can be caught faster since biometrics can detect inconsistencies accurately and in real-time.
Moreover, behavioural biometrics is difficult to duplicate because it is much harder to behave like the targeted user.
While behavioural biometrics is an ideal additional layer of defence, it is vital that it forms part of a bigger security environment that incorporates multi-factor authentication solutions, consistent updating and patching of systems, and staff education.
Using more verification measures in unison gives the best possible chance of preventing hackers from gaining access to sensitive information.