Screw Passwords; Why Aren’t We Using Biometrics Instead?

Another day, another data breach.

It was reported yesterday by several publications that a company in Milwaukee just happened to uncover a security breach of epic proportions– with an estimated 1.2 billion usernames and passwords jacked. It is the largest data theft in recent memory, and, unfortunately, part of an ever-growing trend in our interconnected lives.

Regardless of how crafty you are with generating passwords for the sites you visit (which, as we found out earlier this year, many people just aren’t), the fact is, a good percentage of sites don’t have a very secure infrastructure. For those that do (or believe they do), it may take them months to realize that their “top-notch security” has a flaw & they’ve even been hacked– if they ever do at all. Meanwhile, you go on with your daily one-touch checkout, swipe right, Instagram-everything lives, blissfully ignorant to the information that someone halfway around the world may have about you.

After the massive credit card attack on Target last November and finding out that a company as large as Starbucks was storing its app passwords as a simple text file, it’s become painfully obvious that the biggest threats to identity protection cannot be deterred through the use of complex passcodes and 4-digit pins.

So, why do we bother with passwords anyway? 

Besides your DNA (for anyone that’s not a twin, that is), a human’s fingerprints are the most unique form of identifier that exists. There is, statistically speaking, nearly a zero percentage chance that someone in Russia has the same fingerprints that you do, and even less a chance than that for someone to steal your fingerprints (unless they remove your hand– in which case, I’m guessing you have bigger problems than someone else using your Facebook account). While Apple’s Touch ID has recently made strides in the field of personal computing biometrics, I personally used fingerprint identification to unlock my Lenovo ThinkPad some 7-8 years ago. Meaning, the technology certainly isn’t new, and can’t be all that expensive (since, well, Lenovo’s weren’t either)– so, why haven’t we phased out passwords yet?

Because, like everything else that sounds easy, it’s not.

Touch ID isn’t perfect (though I expect it to continue to improve with iOS 8). Most personal computing devices, including smartphones & tablets, don’t currently offer the technology for a biometrics-based log-in. And, of course, there would be that whole “everyone’s gotta switch over to biometrics on every site ever” issue to contend with.

Impossible? No. But it’s not something that will happen overnight. Google, Apple, and Microsoft are in a unique position to begin delivering electronics with biometrics sensors to, well, basically everyone– but it would also require major websites (Facebook, Twitter, etc) to phase out passwords in favor of fingerprint log-ins. Of course, these sites would also have to provide the ability for existing users to switch from password to fingerprint through a verification process– to prove the original fingerprint they provide is actually theirs to begin with.

If it sounds like a mess, that’s because it is. But, what’s our next best alternative as a society– continue to see these massive data breaches occur, change our passwords when they do, and hope that thieves don’t steal too much or spam too many of our contacts before we notice? Sorry, but that’s not enough for me. And since just “logging off” for good isn’t much of an option, we need major tech & financial organizations to step up and push forward with biometrics as passwords in the not-so-distant future.