It's time for mobile UX to catch up with biometric security
Editor's note: The following is a guest post from Lori Cohen, CMO at Veridium, a provider of end-to-end biometric authentication.
Humans are creatures of habit. Take my bedtime routine, for example. I wash my face, brush my teeth, floss and brush again. Brushing my teeth was a natural action for me, but the flossing had to become a habit. Sure, my dentist reminded me at every visit that if I wanted healthy teeth and gums I had to floss. Regardless, it wasn't going to stick until I made it a habit. I did this by keeping the floss right next to my toothbrush as a visual cue to trigger me to reach for it.
Habits are hard to create and equally hard to break. You likely place the same coffee order at Starbucks, and if you go to Starbucks regularly, it's probably hard for someone to convince you to go to Dunkin' Donuts. As marketers, this is our fundamental challenge: getting customers to change their ingrained habits.
How can we influence someone's behavior to get them to try something new, especially when that habit is, well, habitual? In the physical world, there are tricks of the trade, including free samples in grocery stores, coupons and discounts. In the online world, there are different strategies. One of them is a stellar user experience, or the overall experience a person has from using a product like a website or an app. The easier and more pleasing it is to use, the better the user experience, and the easier it is to make it a habit.
Think about Uber — not the trouble it's in now surrounding questionable corporate culture, but its business model of changing the way consumers hail a cab. Back in the day, when you needed a ride, you physically waved down a cab. You had no idea when or if you would get one. Now, think about how you get a ride today. You tap an app and enter a destination. Tap and click, and in moments you know who's coming for you and when they'll arrive. It's not just the lower cost of Uber that disrupted the industry — it's the app's simple design, functionality and user experience. Delight users, and they will change their habits.
Making human behavior more secure
As more and more of our lives take place on the web, we have a chance to apply these same user experience principles to how we protect our online identities.
Think about all the habitual tasks you perform related to confirming your identity. Unlock your phone? Enter a PIN. Check your email, Facebook, Twitter or your bank account? Enter a password. Consumers use passwords for everything, and according to Digital Guardian, 70% of people have more than 10 accounts requiring a password. And oftentimes, we use the same password for multiple accounts, making them less secure.
In 2016, all five of the biggest data breaches involved compromised, weak or reused passwords. We'll continue using these types of passwords until someone provides an alternative that delights us enough to change this behavior.
The future of biometric authentication and user experience
There's no question that biometric authentication — using a piece of yourself like a fingerprint, voice or facial photo — is safer and theoretically easier than typing in a password. According to Verizon's 2017 Data Breach Investigation Report, organizations aren't doing enough "if a username and password is the only barrier to escalating privilege or compromising the next device." Implementing two-factor or multi-factor authentication — a combination of security methods, such as what you have (a phone), what you know (a passcode) and who you are (biometrics) — is essential to enhancing mobile security. However, widespread adoption won't happen until the user experience catches up to technology and becomes frictionless for consumers.
For most people, the first and only exposure to biometrics is using the Touch ID on a smartphone. Tech giant Apple proved that consumers will use biometrics if the experience is seamless and intuitive. After a user "trains their phone," the experience is usually good, and the user continues to utilize the security feature.
There's now no longer the need to remember a four-digit PIN or answer those overdone security questions: your mother's maiden name, first pet's name or where you met your spouse, to name a few of the classics. Instead of typing in a password, you rely on your fingerprint. This is an example of a vast change from the well-established behavior of using passwords for everything to authenticating through a much more convenient — and more secure — method.
Unfortunately, not all problems have been solved with Touch ID. Anyone can bypass Touch ID and instead get into the account using a password. Fingerprints can also be spoofed by creating a mold of a fingerprint, using a simple household item like Play-Doh. Following the recent iPhone launch, we've now learned that Apple is replacing Touch ID with facial recognition in a new iteration of its smartphone.
While the tech company has taken necessary measures to increase the security of this biometric authentication by adding a frontal infrared camera along with a dot projector to make spoofing attacks more difficult, there are still valid concerns surrounding the tech. Genetic similarities between people, for example, can affect the performance of facial recognition technology and cause it to make false decisions. The genetic similarity between related individuals like twins or father and son will contribute to the lack of uniqueness of a face, which could impact the security of Face ID, though the tech is still too young to tell for sure.
With Apple's latest gadget, you can check the convenience box, but you can't really check the security box. Companies are looking to combat these concerns by developing software that's both convenient and secure. Biometrics is one example of this that's made its way to the forefront of consumer technology. It's been around for decades, but is still in its infancy when it comes to wide-scale adoption, in large part due to usability and cost. The ease of Touch ID in smartphones has gone a long way to raise the profile and interest level around biometrics.
But despite the tech's potential to replace inputting passwords, technology professionals and marketers still need to develop a user experience engaging enough for more people to fully adopt biometric authentication.