Will biometrics make way for a passwordless future?

Sarah Munro, Head of Biometrics at Onfido, spoke to Technology magazine about the future of passwords and tackling employee security

Can you tell me about Onfido? 

At Onfido, we’re simplifying identity for everyone making it easy for people to access services by digitally proving a person’s real identity. Our AI-based technology assesses whether a user’s government-issued ID is genuine or fraudulent, and then compares it against their facial biometrics ensuring the person is present. That’s how we give companies the assurance they need to onboard customers remotely and securely without compromising experience, conversion, or security.

Onfido’s Real Identity Platform makes it easy for businesses to tailor verification methods to individual user and market needs. The platform strips away complexity by offering a curated library of identity verification services, including our award-winning document and biometric solutions, trusted global data sources, and fraud detection signals.

What is your role and responsibilities at the company? 

As Senior Director of Biometric Product, my focus is on digital identity and biometrics strategy, developing and innovating solutions and leading a team of specialists to better connect businesses and customers remotely. Another focus of mine is assuring that our biometrics products work for everyone, that means having a very strong focus on bias reduction and building accessible user experience.. Onfido’s AI technology is trained on diverse datasets and tested to ensure it performs the same for everyone. The anti-bias capabilities mean identity verification is fair, fast, and accurate. 

Do you think passwords are out of date? If so, what is the new way forward? 

It’s telling that on World Password Day this year, Apple, Google and Microsoft announced that they will soon implement passwordless sign-in on all major platforms. At Onfido, we too predict a passwordless future. In and amongst the frustrations over creating, changing and remembering passwords (with the average person having 100 passwords), we often overlook the significant security risk they pose. In fact, as many as 81% of company breaches in 2020 can be traced back to weak or stolen passwords.

Today, most passwords remain simple, with 23 million account holders using “123456”, while one in five still readapts a single-core password to meet different password strength requirements. Not only does this mean that password authentication can be easily breached, it leaves those who reuse passwords across multiple online accounts particularly vulnerable.

Despite the clear risks, passwords remain the de facto standard for user access and authentication for online applications. But businesses should recognise the weakness and pursue more effective ways to protect their customers’ online accounts and their business. For instance, combining identity document checks and biometrics can remove the need for passwords altogether, while increasing the level of security and enhancing the overall experience. According to our data, 70% of consumers already report that they would be open to using biometrics to authenticate themselves instead of a password.

How important is it for businesses to make sure their employees are following the right security measures?

The Covid-19 pandemic forced businesses to shift their services online and adopt remote and hybrid working policies. And fraudsters have moved their business online too. There’s been a 44% increase in identity fraud since 2019. Now more than ever, it is vital that employees are following the right security measures. Using insecure networks, reusing and sharing passwords, or falling victim to scams are some common ways in which employees compromise an organisation’s IT system. These gaps in security measures can result in employees’ and customers’ data being compromised.

To increase security with a hybrid or remote workforce, it's vital that organisations implement a strong user authentication for accessing corporate networks or services with sensitive information. Passwords alone aren’t sufficient but a two-factor authentication which can include a personal pin, security question, a physical item, such as a smartphone, or biometrics, can help mitigate some of the risks of a password-only approach.

What do you see as being one of the top emerging cyber trends this year?

In 2021, we saw a 57% increase in sophisticated fraud, with the fraudulent documents from these more organised groups being much harder to detect. Typically, the tell-tale signs are much less apparent and require sophisticated document analysis software to detect, such as imitated security features, incorrect fonts, or the wrong photo printing technique.   

This spike in sophisticated fraud appears to be here to stay. Criminal gangs and fraud rings are most commonly behind these types of attacks, and a higher volume of attempts – perhaps enhanced by automation – means a higher chance of success. To combat this, businesses need to have robust authentication methods in place. For high value accounts or services, organisations should consider how they will prove the liveness of the individual signing-up or signing in. For example, integrating videos in the verification process shows the attempt is being carried out by a ‘present’ human. 

What can we expect from Onfido in 2022?

If 2021 proved anything, it’s that fraud isn’t going away and, as previously discussed, the tactics that fraud rings are applying are becoming more and more sophisticated. That’s why we have just released major improvements to our Real Identity Platform – both to its performance in detecting fraud and in simplifying the process of building verification workflows.

Just because the fraud risk is getting more complex, we know that we can’t overcomplicate the verification process for our customers - and especially not for their customers! With these platform updates we are making it even simpler for our customers to create tailored verification processes that remain low friction for the end-user.


Featured Articles

How Zscaler AI Innovation is Powering Data Protection

With its AI-powered Data Protection Platform, Zscaler is delivering cutting-edge innovations to provide comprehensive data security

How NetApp Unified Data Storage is Powering the AI Era

With powerful unified storage, NetApp is enabling organisations to accelerate AI innovation and unlock the full potential of their data assets

Tech & AI LIVE London – One Week to Go

Just one more week to go until Tech & AI LIVE returns to the virtual stage – May 21 2024

What Adam Selpisky’s Shock Departure Means for AWS

Digital Transformation

SAP & FC Bayern: Technology Drives Efficiency & Scalability

Digital Transformation

EY: Tech CEOs Double Down on Tech, Data & Cyber Investments

IT Procurement