Security Staff Are Adopting Biometrics But Can Do More to Eliminate the Password

A survey found that security professionals are making the move to biometrics, but that they could be doing more to protect data.

• By Sydny Shepard
• Mar 15, 2019

A study done at the RSA security conference last week found that security professionals are starting to switch over to biometric authentication, but that more can be done to protect data through the use of passwords.

The poll was done by Veridium Ltd., and found that nearly half of respondents said they're now using biometrics for two to three applications, but only five percent said they're now using it for seven to 10 applications. None of the security pros said they were using biometrics to authorize access to over 11 or more apps.

The survey also found that 56 percent of respondents rely on password mangers to help them remember passwords and nearly 30 percent use 21 or more passwords at any given time.

Some 41 percent of respondents who took the survey at RSA said that they would like to use biometrics the most for work, while 93 percent agreed that there should be greater legislative restrictions around biometric privacy and data.

“Results from the security audience demonstrated why we need to eliminate passwords and how biometrics can ensure consumer data privacy,” a spokesperson for Veridium said. “With password managers full of countless keyword variations and the majority of respondents putting biometrics to use only across two to three applications, there’s a need for stronger, more engrained authentication options.”

Discussing the findings and his time spent at the RSA Conference, Chief Executive Officer James Stickland said that many conversations focused on security for application programming interfaces, which should be a bigger focus in the next year.

“Security is now, more than ever, ‘identity-centric,’ focusing on the individual rather than the broader enterprise – with employees acting as the ‘perimeter of their business,’” he said. “It’s critical that organizations secure their data, implement data-driven policies and authenticate individual access to the enterprise.”