Is The Jury Still Out On Biometrics?

An IT organization, Spiceworks, found in a recent survey that 62 percent of organizations currently use biometric authentication technology, and 90 percent plan to be using it by 2020.

According to the survey, 57 percent of organizations use fingerprint scanning technology; 14 percent use face recognition technology; five percent use hand geometry recognition; three percent use iris scanning technology; and two percent use both voice recognition and palm-vein recognition. Apple Touch ID is the most commonly used fingerprint scanner, and Apple Face ID is the most commonly used face recognition technology.

Of organizations surveyed, 46 percent use biometric authentication on smartphones; 25 percent on laptops; 22 percent on tablets; 17 percent on employee time clock systems; and 11 percent on server room door locks.

Spiceworks surveyed 492 IT professionals in North America and Europe in February 2018 for its findings. "Spiceworks Study Reveals Nearly 90 Percent of Businesses Will Use Biometric Authentication Technology by 2020," (Mar. 12, 2018).


Although many organizations use biometric authentication technology, uncertainty about its security remains.

The Spiceworks survey found that, although slightly over half of IT professionals believe biometric data is harder to hack than traditional passwords, only 23 percent think it will replace text-based passwords in the next two to three years.

Many cybersecurity experts are concerned that biometric authentication technology vendors do not tell them the truth about hacking risks. The majority of IT professionals said that there is not enough transparency concerning vulnerabilities discovered in biometric systems or in the privacy of biometric data collected by vendors.

Only 10 percent of respondents in the above survey thought that biometrics were secure enough to be the only form of authentication used by an organization.

The most serious risk posed by switching to biometrics as your sole form of authentication is: what would your organization do if that data was hacked? When a password is stolen by cybercriminals, employees can create new passwords. If fingerprints are stolen, employees cannot get new fingerprints—that form of authentication is compromised forever.

Even if your organization uses some amount of biometric authentication, you should still use passwords in conjunction with biometric authentication and train employees on creating strong passwords.

Require employees to use at least 15 alphanumeric when creating passwords. They should avoid using personal information that is easy to discover; words found in a dictionary in any language; or common letter/number patterns. Have employees use a unique password for each account and change it every three to six months. 

Finally, your opinion is important to us. Please complete the opinion survey: