Biometrics have made regular appearances on annual "Next Big Thing" lists for a couple of decades. But the technology has never quite taken off the way people expected. Certainly, there are industries that make heavy use of biometrics. But other industries resist, seeing little need to collect fingerprints and eye scans or use facial recognition.
Those are the most common biometric tools, often associated with physical access systems. Fingerprint collection, for example, is common in financial services and government. Eye scan technology is more of a niche biometric tool used in high-security industries. Capturing an individual's photo is done frequently in many workplaces. This photo is then used to create company badges or identification.
"Taking this captured photo and using it to digitally verify identity is around the corner," said Taylor Liggett, general manager of Sterling Identity, a company offering both fingerprinting and identity verification services.
"Biometric technology is already enabling smarter and more secure access control in the workplace with PCs, USBs, dongles, smartcards, door locks and shared devices such as coffee machines and printers," said Michel Roig, president, head of payment and access at Fingerprint Cards, a biometrics company based in Göteborg, Sweden.
More recently, biometrics have been supporting organizations in accommodating hybrid, remote and flexible working arrangements for their employees without exposing themselves to increased security risks. Work-from-anywhere (WFA) poses increased risk of exposure of PINs and passwords to "shoulder surfers," lost or stolen corporate devices with sensitive data, or hacks through unsecured domestic Wi-Fi networks. WFA also means that relying on traditional authentication methods such as PINs and passwords might not be enough.
"Biometric technology only gives access to authorized users, is difficult to steal and spoof, and does not allow scalable attacks, reducing the risk of hacks and breaches through stolen credentials, lost devices or poorly secured non-enterprise networks," Roig said.
Privacy and Security Concerns
Perhaps the rise of biometrics has been inhibited by a greater awareness and regulation of privacy. Employee information is far more important than it used to be.
"Companies need to clearly communicate and obtain prior consent from employees before information is collected, disclosing where it is being stored and for how long," Liggett said. "It is imperative to have the right safeguards in place to protect candidate and employee data. Companies should also familiarize themselves with relevant state biometric laws and always ensure they are operating within full compliance."
Centralized storage of sensitive biometric data is obviously a big concern. Employers, though, can turn to solutions that use on-device biometric data storage. The biometrics data is stored, matched and authenticated securely within the device. As a side bonus, this removes the administrative burden of creating, maintaining and protecting a central database.
Security is another of the factors that may have cooled the biometrics trend. Data breaches, after all, are on the rise. The Identity Theft Research Center reported that data breach numbers in 2021 well exceeded those of 2020.
But hackers would have a hard time using the data captured from a biometric sensor. The data is stored as encrypted 0s and 1s, not as an image, which means that even if fraudsters could access the data, they can't do anything with it.
"Using the on-device approach and the storage of biometric data as a mathematical template significantly enhances the overall security of biometrics and reinforces trust for both employee and employer," Roig said.
The Next Wave
Liggett believes facial scanning technology will be the next wave of biometrics to be deployed in the workplace. Facial scanning technology is already becoming part of the background-screening process in the form of identity verification. Identity verification allows employers to ensure that candidates are who they say they are before starting a background check.
"This means employers know the right candidate data is being used to conduct a background check, allowing employers to create the safest possible workplace," Liggett said. "Given facial recognition is becoming part of the pre-employment process, using that same technology as part of security in the physical workplaces would be the natural next step."
Biometric technology used in smart locks or biometric access cards can simplify physical access control for flexible working, too, as traditional working hours become more agile. With only authorized users granted access, businesses have peace of mind that only their employees are onsite, regardless of the time they find themselves working. Also, biometrics can be integrated into ID, time and attendance systems so security and HR decision-makers can have more reliable insights into their employee working patterns, Roig noted.
"Converged biometric access cards for logical and physical access provide an all-in-one card that combines not just the access but also ID card, time and attendance, logical access for restricted areas at your network, and applications, meaning only the right people can access sensitive documents and locations," Roig said.
Workplace PCs, too, are increasingly incorporating biometric sensors. At this point in time, many models provide the feature. But IT departments have been slow to enforce their use. That is likely to change soon, according to Roig.
Too Many Passwords
Perhaps the biggest driver towards a biometrics boom, though, might be password madness. Sixty percent of consumers feel they have too many passwords to remember, and some have as many as 85 across their personal and professional accounts. Managing these passwords means that 41 percent of us admit to using the same password or injecting simple variations. Poor password hygiene is responsible for as many as 81 percent of company data breaches.
"One of the key advantages of biometrics is that it can help organizations transition towards becoming passwordless," Roig said. "Given the growing number of threats, the increasing unsuitability of passwords and PINs, and the risk of significant repercussions from a lax approach to security, considering biometrics is becoming more attractive."
Gartner predicts that by 2022, 60 percent of large and 90 percent of midsize enterprises will implement passwordless authentication methods in over half of use cases. Companies such as Microsoft have already abolished an internal policy of changing passwords every couple of months. With 160,000 employees, this policy just tied IT up in knots.
Drew Robb is a freelance writer in Clearwater, Fla., specializing in IT and business.