When it comes to authentication, one thing is clear: traditional username and password techniques are no longer enough. Fortunately, a few alternative user authentication methods are available -- but it's difficult to discern which option is best.
Biometric authentication and multifactor authentication (MFA) are two ways to authenticate users. MFA combines two or more credentials to grant access into a system: what a user knows, what a user has and who the user is. These credentials can include passwords, security tokens
For example, a user can answer a security question and enter a code sent to their smartphone via text message. Biometric authentication, on the other hand, relies solely on unique biological characteristics -- such as a fingerprint or retina scan -- to grant access to a user.
Both user authentication methods are valid and provide a reasonable level of security. You may choose one over the other or combine these methods to use an MFA approach that includes biometrics. But first, it's important to understand their pros and cons.
Perhaps the most significant benefit of biometric authentication is its usability. Users don't need to spend time entering long passwords or PINs. The swipe of a finger or saying a short phrase can grant users access.
Biometrics may appear to be the best user authentication method because it relies on inherently unique traits, but it's far from perfect. Although difficult, it is possible to fabricate a fingerprint because people leave them everywhere.
Also, facial recognition can fail if a user changes his or her appearance -- by shaving his beard, for example. And because biometric authentication relies on these unique characteristics, it is a challenge to change or edit them. Users can't simply reset a password.
Biometric authentication isn't an option for many companies because of its high price tag. Smartphone providers and financial institutions have been quick to adopt this technology due to customer demand, but small organizations may not have the resources to do so. Voice recognition may be the most accessible form of biometric authentication because IT doesn't need to deploy additional hardware.
Some experts argue that multifactor authentication can improve security more than biometric authentication because it requires several pieces of information to grant access.
But MFA has its challenges, as well. User authentication methods such as this require more work on the user's part, and every additional factor can be another pain point. End users may not be able to remember their passwords or may not have their security tokens on hand. These complications can lead to frustration and reduced productivity.
IT should research identity and access management tools that support MFA and include it as a required feature in proposals to service providers. Then, IT should test the feature through internal and pilot testing before deploying it to ensure that it integrates well with other technologies in the IT infrastructure. If the organization develops custom apps for employees, IT should communicate with the development team to ensure that MFA is a part of each mobile app.
IT can require biometric data for multifactor authentication -- which can marry the best of both worlds. User authentication methods like these rely on multiple factors of authentication while remaining relatively user-friendly.