Back to Market commentary
Being Individual in a Connected World
The race to replace easy-to-crack password based user authentication with something more bulletproof -- or altogether impossible to breach -- is on. Corporate heavies like Apple, eBay, Google and Microsoft are predictably leading the charge, but dozens of smaller startups are making some exciting strides too. So, with many bio-sensors solutions now rolling out, are we about to see a major change?
The oldest form of identifications are documents (ambassador letters were used by the Egyptians 2,500 years ago), moving on to simple pictures (think wild west wanted posters) and then combining them (in passports for instance). Latterly, fingerprinting has been the backbone of forensic identification for many decades.
However, the basic assumption that everyone has a unique fingerprint from which they can be quickly identified through a computer database is flawed, according to the Home Office's former Forensic Science Regulator. A study by Southampton University found that two thirds of experts, who were unknowingly given the same sets of prints twice, came to a different conclusion on the second occasion.
Even so, fingerprints are still widely used, particularly if combined with other factors. The largest programme by far is in India, called Aadhaar. It has enrolled about 550 million residents and aims to cover entire population of 1.25 billion in a few years. It is a biometrics-based digital identity database and uses fingerprint, iris scan and face photo, along with demographic data.
Most recently heart (electrocardiogram) signals have emerged as another viable biometric. ECG sensors are now widely available as simple smartphone cases – you just hold it in your hands. The advantage of such technology is that it is more fraud resistant compared to conventional biometrics like fingerprints.
But will biometrics really catch on? PINs and passwords have been around for a long time. One advantage of passwords over biometrics is that they can be re-issued. If a password is lost or stolen, it can be cancelled and replaced by a newer version. This is not naturally available in biometrics. If someone's face is compromised from a database, they cannot cancel or reissue it.
Perhaps it’s because biometrics make it so personal, so visceral, that we’re reluctant to quite let go of the things that make us distinct. We may be much more connected but we’re still individual.