Ever since the first mobile phone with a fingerprint scanner, surprisingly not the iPhone, has been released into the market in 2004 people have had mixed reviews about it. However, now that most smartphones, laptops, and security devices have the feature built-in or have an option for biometric scanners the question now becomes which is safer.
Along with biometric scanning, there is also the option of Multi-Factor Authentication which allows for a user to sign in with a PIN provided by a randomly generated application, in addition to their regular user name and password. Both methods provide an extra layer of protection and security with the applications that are being used. Another form of protection is through a private key. Private keys stay on your device and are never shared with anyone. This key can be used to unlock a device with a local gesture allowing for it to be unique and difficult to replicate.
In terms of securing information the different forms of biometric and MFA, both do the job well, by making it difficult for hackers to be able to gain access into individual users or a companies systems. What is better depends on the situation, since according to Alex Simmons the Corporate VP of Program Management, ‘99.9% of identity attacks have been thwarted by turning on MFA…'(Microsoft Security Passwordless Protection 2021).
A scenario where biometric scanning might be the better option would be for a health care worker or for someone who is constantly on the go and needs access to information without much hassle. In such situations, using a fingerprint scanner would be the most efficient way for more than one person to quickly access the system while maintaining security.
On the other hand, for someone who works in a lab or in an office where they tend to stay at their desk for extended periods of time then for such users there would not be much difference between a biometric scanner versus using a unique gesture or signing through a randomly generated PIN.
Both scenarios allow for the user to be able to access their information quickly and safely with no compromise to security. In addition, users would not have to worry as often about forgetting passwords or changing them every few weeks in fear of potential attacks. There would also be a reduction in the number of phishing attacks, since logging into a device would require the user to physically replicate different forms of biometrics or have the specific device that is used for MFA. These are only a few of the benefits of password-less authentication, and although it might not always be possible to use finger print or retina scanners on all devices, a combination of traditional authentication mixed with forms of MFA can allow for a very secure device.
Microsoft Security Passwordless Protection. (2021). Retrieved December 10, 2021, from: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2KEup.