Biometrics, passwords, and the need for personal identification

Are passwords really out? Are biometrics truly taking over?

The connected world, the massive waves of refugees, the online digital transactions of all kinds — they all make the need for instant and unequivocal personal identification (PI) a hot, pressing, critical matter. Is one method emerging, and are old methods obsolete?

At this point, none of the available methods of instant PI is clearly leading and they all coexist.

One might think that passwords, probably the oldest method of them all, are dying, and that fingerprints, palm prints, iris scan, face recognition or voice recognition have taken over. The fact is that despite all the weaknesses of passwords, they are still very much in use.

Passwords can be forgotten, can be hacked and stolen. They are cumbersome and complex to memorise. 

To set a strong password, one that is hard to guess or crack, you must make it long, at least eight characters and preferably more (10 or 12 is recommended nowadays), and it must contain that odd assortment of alphabet letters, specials signs and numbers. 

And since we all need dozens of them, one for each application, keeping track of them quickly becomes a nightmare. 

And yet, passwords present a great advantage over biometrics; they don’t need special equipment to read, to decode and to validate them, only basic software. 

Biometry, on the other hand, needs cameras and scanners, in addition to special software of course, or very sensitive microphones in the case of voice recognition.

The obvious advantage of biometrics is that you do not have to remember anything. Your iris, your hand, your fingerprints, your face, your voice, they are with you all the time, they don’t change, they are you. Plus the fact that no one can steal them from you — definitely not a minor point.

Because the pros and cons of each system have different weight in different contexts, all the above methods are still in use and will probably be so over the next few years, although in the long run, biometrics will probably prevail. Slowly but surely, scanners and cameras are going to become more widely installed, inexpensive and will perform better and with greater accuracy.

Take iris scan identification, the only method that is virtually foolproof and that works with a nearly zero error rate — a degree of precision that no other method can match. The only identification system that is as accurate as iris scan is DNA, which of course is not an instant PI method and takes time to produce a result, and therefore cannot replace iris scan.

Iris scan PI was implemented on a large and public scale circa 2005 in UAE airports to identify travellers. 

Given the undisputable success of the operation, one would have thought that it would quickly spread to other border points in the world, to banking everywhere, etc.

More than 12 years after, iris scan is definitely penetrating more and more fields but not as quickly as one would have thought. 

Among the places where it came to the rescue as unequivocal PI are refugee camps. Before iris scan and its near-perfect precision, the level of fraud in these places was massive.

On the other hand, accessing your e-mail account or your online banking is still done using passwords, essentially, despite the inherent imperfections of the method. 

It remains the simplest and the one that requires the least complicated technology behind it. 

Since 2010, there has been expectation that the camera in your laptop or smartphone will be scanning your iris to identify you and unlock your e-mail, your online banking access, etc. 

In practice, we have to wait to see this otherwise great idea actually implemented and widely adopted.

In the meantime, each method is preferred in each specific context. 

PIN codes — one form of passwords — are doing their job rather well preventing fraudulent use of credit cards, for example. 

Besides, remembering passwords, or trying to, constitutes an excellent exercise for the brain.