Technology to Replace Passwords Fails User Tests (PsychCentral)
University of Washington engineers are trying to figure out why fingerprint- and eye- and face-recognition authentication technology have not gone mainstream. They found in a recent study that the user’s experience could be key to creating a system that doesn’t rely on passwords.
So true, but hardly new. Security is, and always has been, a socio-technical system. We've all seen a waste basket used to keep a self-locking door propped open. If the security measure is disproportionate to the cost of a security breach, people will reject the system. Thoughtful security planners have always known this and it's why one of our mantras around here is "biometrics is about people."
“How humans interact with biometric devices is critically important for their future success,” said lead researcher Cecilia Aragon, Ph.D., a UW associate professor of human-centered design and engineering.
“This is the beginning of looking at biometric authentication as a socio-technical system, where not only does it require that it be efficient and accurate, but also something that people trust, accept and don’t get frustrated with.”
Passwords are also likely to be around for a long, long time, but if biometrics could displace passwords in certain cases and allow for simpler passwords in other cases, that's a big advance. Where simple passwords (PINs) are sufficient today, biometrics should be able to displace them altogether. Where increasingly complex passwords are required today, applying biometrics should allow for simpler passwords such as 4-digit PINs.
That's nothing to sneeze at.