Passwords are on their way out, and new, simpler, faster, and more secure methods to log in to accounts are already well-established and are gaining momentum. Recently, Paypal, Microsoft, Apple, and Google all switched to passkeys, ending the long-ruling reign of passwords.
All technology companies and organizations are expected to follow the big tech trend. Based on FIDO Alliance standards, passkeys replace passwords with cryptographic key pairs stored on devices that can integrate with Face ID, Touch ID, and other biometric features for seamless authentication.
When Ján Lunter, CEO of Bratislava-based Innovatrics started working in the field more than 15 years ago, biometrics was mainly associated with law enforcement. “Today, you use biometrics every day, all the time,” Lunter says. “Biometrics has entered our lives, and the number of usage scenarios has grown exponentially.”
Lunter has firsthand experienced how biometric technology accelerated in Europe and across the globe. Over the years he worked with top industry experts developing complex identification algorithms that are today praised by global standards and rankings for their precision and accuracy. But when it comes to implementing the passwordless future, Lunter says it’s not as complex as many believe, and every startup can do it.
“The standards to provide secure, passwordless, often biometrics-based access already exist,” Lunter says. “The passwordless future is pretty much certain, and the big players are doing a lot to get to it as fast as possible.”
Biometrics in Three Steps: Cloud, Enrollment, and Unification
Large corporations and big companies are rapidly implementing passwordless features and setting themselves apart in a very competitive market. But how can European startups — operating with more limited resources — begin their biometric journey and leverage the benefits of the new trend?
Lunter outlines three steps that can be used as a blueprint for companies to make the shift: the cloud, enrollment, and the unification of databases.
Lunter says that contrary to what many think, shifting to a passwordless future is not that expensive. Cloud vendors, including Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), or Oracle Cloud, offer different built-in biometric features for developers to rapidly deploy passwordless authentication in their sites, apps, and services.
Top cloud vendors “provide everything necessary, utilizing available hardware such as fingerprint readers in laptops or built-in cameras for facial recognition,” Lunter explains.
Biometric technology in the cloud is not only state-of-the-art and easily accessible, but it can also save maintenance time and reduce hardware and software costs. Additionally, scaling up in the cloud is done in just a few clicks, while scaling digital resources on-premises can be extremely expensive. Last but not least, running biometric apps with leading cloud providers ensures a high level of security.
The second step is enrollment, how your company gathers biometric data. This process should be as painless as possible. Ideally, the best way is to develop a user-friendly app. Enrollment is capturing biometrics samples and processing them to create a biometric template. The templates are stored and used for authentication. Enrollment will also be defined by which cloud a company chooses to work with and the features they provide.
Another key issue to consider during enrollment is user consent. Startups must always provide alternative forms of authentication for those users who prefer not to use voice ID, fingerprint ID, or facial ID. Additionally, startups must consider that a user may consent today but later rescind. Therefore storage of biometric data and databases needs to be easily searched to remove any template. Compiling with privacy data security and data protection laws is also essential.
Finally, the third step is simplifying and unifying biometric databases. “It’s great if a single biometric database can provide multiple services — opening physical doors in a building, registering attendance, payroll registration for employees, security clearance, and passwordless logins,” Lunter says. “If every system would require separate enrollment, the data oversight and maintenance overhead would soon skyrocket.”
Risks and Opportunities: What Leaders Should Look Out For
While biometrics plays a critical role in bringing down authentification breaches, reducing cyberattacks, and preventing identity fraud, the technology still faces dangers and challenges. Deep fakes, brute force attacks, live check errors, and algorithm bias are top priorities.
European startups need to be aware that biometrics is not 100% free from errors, which is why all industries need experts to reduce risks. Lunter highlights that companies must also work within the legal restraints of data and privacy laws such as the General Data Protection Regulation (GDPR).
Biometric algorithms are trained to recognize fingerprints, faces, or other data using big data groups to reduce errors and biases. But when algorithms are trained using databases of faces or fingerprints that are not diverse, they can result in biased models. Additionally, obtaining users’ consent is another notable challenge when creating databases and using biometrics.
Synthetic data — generated artificially — is viewed as a potential solution to these problems. Gartner experts predict that more than 60% of all data used by AI and machine learning by 2024 will be synthetic data. However, experts warn that synthetic data also brings risks. These are primarily associated with a poor representation of the real world.
Despite the many challenges ahead, the sector continues to grow and opportunities are clear. The October report of Market Watch reveals that the Biometric-as-a-Service market is expected to reach multi-millions by 2028. The industry is driven by technological innovations, end-user demands, and trends. Government, retail, IT and Telecom, BFSI, healthcare, and other sectors are optimizing biometric performance while making it more widely used.
The passwordless future is a new era for biometrics. Its uses have moved from law enforcement and banking to personal computers, smartphones, the cloud, and web applications. “We are not only creators of algorithms, but we are also creators of technology solutions,” the CEO of Innovatrics concludes. Unlike 10 or 15 years ago, startups today have the resources, tools, and technology to drive authentication innovation.