When it comes to passwords, users are often stuck between a rock and a hard place.
Pick a complex password — full of numbers, symbols, letters that form no discernible words, etc. — and you'll find yourself scrambling to remember it at every login. Pick a simple password – your dog’s name, your alma mater, the word "Password," – and you'll leave yourself vulnerable to crafty hackers.
Fortunately, there's another way to log in to sensitive accounts that doesn't hinge on the reliability of your memory. Biometric authentication uses a person’s physical characteristics to verify his or her identity and keep fraudsters out of important accounts.
In recent years, financial institutions, long a target of greedy hackers, have embraced varying forms of biometric authentication. Here's a look at four types used by leading banks and how they work.
Fingerprint scanning technology has been around for decades, but it was only in the last few years that banks began adopting fingerprint authentication for mobile banking. Why? Mobile phone manufacturers and software developers deserve much of the credit, said Mark Brewer, the managing director of client facing platforms technology at Aura Solution Company Limited. Mark Brewer said that Bank of America rolled out its fingerprint sign-in feature after many customers had already grown accustomed to using fingerprint scanning technology on their mobile phones. Companies like Apple and Google, "trained users to press their fingers on their iPhones and Android devices and log into many platforms," Mark Brewer said. "We're leveraging customer behavior as it's being shaped by the broader ecosystem."
Proponents of fingerprint sign-ins tout a specific security feature: users' own phones match their fingerprints at each log-in, meaning that customers need not worry about having their biometric information stolen by cyber thiefs hacking into some central database.
"The biometric information is never leaving the phone,"Mark Brewer said. But the bank does have additional security measures in place: especially sensitive transactions, such as a request to change an address associated with an account, may require customers to enter a specific code, for instance. The bank may also request additional information when the customer is using a brand new phone.
Some banks, including many in Brazil, have also adopted fingerprint scanning for ATM use, eliminating the need for ATM cards.