The Public Eye with Eric Chabrow

Should Biometrics Replace Passwords?

Should Biometrics Replace Passwords?

Biometrics - an iris scan, a fingerprint and even ones voice - can replace usernames and passwords to access IT systems or even make a purchase on credit. The advantage of a biometric scan is that authentication would not identity individuals by usernames and passwords that can be stolen by hackers, saving institutions and individuals countless dollars. But is it practical?

Dr. Myra Gray, director of the Defense Department's Biometrics Task Force - which coordinates DoD's activities to program, integrate and synchronize biometrics technologies and capabilities - agrees that biometrics offers advantages over traditional authentication methods. But in a chat I had with her Wednesday (the podcast of the interview will be posted in the coming days), Gray didn't feel the time is right for biometrics to replace usernames and passwords. Here's what she said:

"(Biometrics) is an outstanding method for good, strong identity assurance, but before we go throwing out passwords and usernames, I'd like to articulate that biometrics is one tool of many. It should be part of the portfolio that's used to protect against ID theft."

Gray reminds us that three basic elements can be used to authenticate an individual's identity:

  • What you know: a password or log-in key.
  • What you have: a magnetic card or some token; a piece of material that lets you in.
  • What you are: an iris, fingerprint; something that's uniquely you.

Gray also pointed out:

"The power is not just picking one over the other, but setting up a construct that utilizes all of those as appropriate. You probably don't need all three of those to buy coffee at the 7-Eleven. But if you were to get into a super-secure facility somewhere, you may very well want to utilize all three methods: what you are, what you have and what you know."

Cost of biometrics technologies is falling, but remains too expensive to be widely used on individual PCs and laptops -- or on ATMs or at points of sale. But, like PCs themselves, biometrics devices eventually will become commodities, with low prices that will make them affordable to be added to a wide range of computing devices. Adds Gray:

"We still have a long way to go with the technology before we throw everything else away."

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.