(Author's note: For the sake of this article, we will consider only finger-printing as a biometric authentication solution.)
In today's world the use of passwords is the default mechanism of authentication. From our desktop to e-mails, from chat programs to online banking, we need passwords to authenticate ourselves to the system. In short, they are a part of our day-to-day life. Although password usage is the most commonly used authentication scheme, it also has a lot of problems associated with it in terms of security. Let's take a look at those problems and then compare it with biometric authentication and see if that's any better.
Since the password comes out of a human mind, one issue that arises is when people select weaker passwords. Weak passwords are easily predictable or can be easily broken with the use of technology.
There is no password in biometrics. We have only our fingerprint. That means I have only one password for everything. Weak passwords are eliminated. Problem solved! Now ask yourself, what if someone stole your fingerprint. Can you change your fingerprint like you can change your password if it is stolen?
Most importantly, what would scare you more: if your password were stolen or your fingerprints? Remember, fingerprints can be misused in more then one way.
As you can see, biometric authentication gives us more questions than answers. With Bill Gates suggesting that they want to do away with passwords, it would be interesting to see what kind of approach Microsoft takes. Even with all the issues surrounding passwords, I don't think they are going away anytime soon.
About the author: Anurag Agarwal, CISSP, works for a leading software solutions provider where he addresses different aspects of application security. You may e-mail him at firstname.lastname@example.org.
This was first published in April 2006