Biometric Security is Progressing, but Some are Lagging Behind: NNL

Big-name organizations in the public and the private sector are publicly embracing biometric security, while others are stubbornly holding to outdated security systems, making for a very mixed bag when it comes to the current state of biometric security – so argues Nok Nok Labs in a new blog post entitled, ‘What is the state of biometrics?’Biometric Security is Progressing, but Some are Lagging Behind: NNL

NNL starts off by pointing to the mobile biometrics revolution, which has put fingerprint-based authentication into a great many consumers’ pockets over the past few years. And as can sometimes happen with major societal shifts, government organizations are now starting to catch up with trends in the public, with NNL pointing to a recent cybersecurity-focused executive order from the White House, the PSD2 regulations in the European Union, and the UK’s National Cyber Security Strategy – all of which “make specific mention of how to handle biometrics and what biometrics are good for.”

Meanwhile, in the private sector, MNOs, payment services and banks, and IoT-focused companies are all putting an increasing focus on biometric security. Indeed, fingerprint authentication is mandatory for Apple’s digital payment service, and Samsung has indicated that iris scanning is going to be central to a whole payments ecosystem in the future.

And yet some are still lagging behind. NNL calls out the Social Security Administration for sticking to the “outdated models of passwords, one-time-passwords, email resets and SMS messaging”; and also argues that organizations advocating for server-side storage of biometric credentials “refuse to learn the lessons of the Office of Personnel Management breach in 2015.”

Still, progress has clearly been made, and the trajectory points upward to stronger biometric security reaching more organizations and end users.