This post originally appeared on The New York Times.
Passwords are a leftover from the stone age of computing. They survive because people prefer convenience to security. But it's time to get rid of them, because they are unavoidably insecure — the most commonly used password is 12345, followed closely by 123456 — and easily stolen or spoofed.
People tend to forget complex passwords, and two-factor authentication (usually, confirming a log-in from another device) is better, but even that method can still be defeated. Plus, it's inconvenient.
The need for biometric security goes well beyond banks. But of course, there is resistance to it. Biometrics, on the other hand, can provide authentication that is both secure and convenient. Some uniquely identifying personal feature — eyes, face, fingerprints, voice — is converted by the computer into a unique code, which is then used to identify the individual to a network or device. The code is a complex identifier, harder to spoof than a password, and as we move to an internet where people connect using mobile devices loaded with sensors, biometrics are a logical next step for authentication of identity. Best of all, consumers don’t need to remember anything other than to carry their phones.
New technology is often greeted with nervous dystopian projections (think “frankenfish” or “spy chips”) — an irrational, but not unexpected, fear that what we create will undercut privacy or displace humans, that we will build tools we cannot control. But we already live in a networked society, and biometrics offer a chance to better secure our place within it. Just because the pace of technological change is fast doesn't mean we should fear or reject it.
Biometric technology is not perfect — no technology is ever perfect — but it has significantly improved in the last five years and it is better than what we have now. Let companies and consumers choose where they will use it, and we will be better off.
