More Organizations Are Adopting Biometrics for Security—But Barriers Still Remain

For years, biometrics technology has been discussed as a possible solution for more effectively controlling access to systems and networks. But the technology has often been deemed to be too expensive for many organizations and too invasive for end users—and as a result adoption has been slower than some might have thought.

It looks like biometrics’ time to shine might finally be arriving, however. Certainly recent research shows that the technology in its various forms is making inroads into corporate security strategies, and the forecast is for broader acceptance in the coming years.

A recent report by online IT community Spiceworks on the adoption and security of biometric authentication technology in the workplace showed that 62% of organizations currently use biometric authentication technology. An additional 24% plan to use it within the next two years.

For its research, Spiceworks surveyed 492 professionals from North America and Europe in February 2018. The respondents were from among the millions of IT professionals in the Spiceworks community, representing a variety of company sizes and industries.

The findings of the report indicate that although most IT professionals think biometric authentication is more secure than traditional forms of authentication such as text-based passwords, PIN numbers, and personal security questions, only 10% of the respondents think biometrics are secure enough to be used as the only form of authentication.

Fingerprint and face scanners are the most common types of biometric authentication used for corporate devices and services. The results show that more than half of the organizations (57%) are using fingerprint scanning technology, while 14% have deployed face recognition technology. Other biometric methods have much smaller installed bases. For example, hand geometry recognition is used by 5% of the organizations, iris scanning technology by 3%, voice recognition by 2%, and palm-vein recognition by 2%.

A closer examination of the types of fingerprint scanners organizations are using on company devices and services show that Apple Touch ID is the most commonly used, with 34% of the organizations having deployed the product. That’s followed by Lenovo Fingerprint Manager (13%) and Samsung fingerprint readers (13%). Fewer are also using fingerprint scanners from Microsoft and Dell, while 23% are using fingerprint scanners from other vendors.

As for the specific types of face and iris recognition technologies used, the results show that 14% of organizations are using Apple Face ID, 13% are using Microsoft face login via Windows Hello, and 7% are using Android Face Unlock.  

While 46% of organizations use biometric authentication on smartphones, 25% use it to authenticate employees on laptops and 22% on tablets. In addition, 17% of organizations use biometrics to verify employees on time clock systems, and 11% use it on door locks for the server room. Other uses for biometrics in the workplace include technology to authenticate employees on applications with sensitive data, wearables, and email, the report said.

Clearly there are still barriers to adoption of biometrics. More than three quarters of the IT professionals surveyed (67%) cite cost as the biggest barrier to the adoption of biometric authentication. Other top barriers to adoption include reliability concerns (59%), systems upgrade requirements (47%), and the storage/management of biometric data (42%). Furthermore, 42% of IT professionals think employee push back is a barrier to adoption. This might be influenced by privacy concerns and resistance to change, the study said.

Even though biometric authentication technology in the work environment has already become common, many IT professionals still do not trust the technology. More than half of IT professionals think biometrics systems are harder to hack than traditional text-based passwords, but only 23% think biometric authentication will replace traditional text-based passwords in the next two to three years.

The distrust around biometrics is possibly due to a lack of transparency from vendors around the security risks, the report said. According to the survey results, about two thirds (65%) of IT professionals think there’s not enough transparency about the vulnerabilities discovered in biometric systems. Nearly as many (63%) think there isn’t enough transparency regarding the privacy of biometric data collected by vendors. In fact, nearly 60% of IT professionals said they need more information about where technology vendors store biometric data.

Many IT professionals are simply not convinced that biometrics can serve as a secure and reliable replacement for the standard username and password combo, noted Peter Tsai, senior technology analyst at Spiceworks. Unless technology vendors can address the security issues and privacy concerns associated with biometrics, he said, the technology will likely be used side-by-side in the workplace with traditional passwords, or as a secondary authentication factor for the foreseeable future.