The banks RBS and NatWest announced their adoption of fingerprint technology. It’s been described as a landmark moment for two factor authentication (2FA) entering the mainstream.
Phil Underwood, Global Head of Pre Sales at SecurEnvoy said: “There is always a balancing act when it comes to authentication. Make it too easy for the user and the authentication may be compromised or circumvented; too hard and adoption rates for the new authentication technology will drop. This shows that there is now a middle ground that is secure enough for banks to remain regulatory compliant, but easy enough to lead to widespread adoption (as backed up by them citing almost 1m downloads of its banking app already).
“One of the main drivers of this authentication technology taking hold, is that the current generation’s device of choice is now firmly the SmartPhone, with there now being over 1.75 billion devices in use worldwide and this is ever growing. Today, 2FA is all around us and prevalent on popular web sites such as PayPal, Gmail and Ticketmaster.
“With the advent of reliable fingerprint readers on the latest SmartPhones, the second “something the user knows” component is switched from a potentially easy-to-break password to a physical one that is unique. So the technology is at everyone’s finger tips … literally.”
And Roy Tobin, Threat Researcher at Webroot, said: “With so many high-profile data breaches over the past 12 months banks should tread carefully when implementing biometric technology. Biometrics have a very useful application in certain areas. But fingerprint technology isn’t the most reliable or secure method. In security we are always tasked with making the technology easy to use, but as secure as possible. Unfortunately, these two goals are difficult enough on their own, let alone when combined.
“The sheer amount of prints the average individual leaves behind day-to-day means that this data can relatively easily be compromised. There are a vast issues around data protection; who can access these fingerprints and how that data can be used are all real concerns. Add in the fact that the iPhone fingerprint scanner was hacked less than two days after its release, doesn’t restore faith in this type of verification. We should not be looking for the simplest form of access, but the most secure – two-stage authentication with a strong password is the ideal security option.”
