Editorial

Delivering a biometric experience that users love, rather than loath

We can expect six billion biometric apps by 2025. Philip Black, commercial director at Nomidio, discusses the challenges of those apps being linked to your personal device

Posted 11 November 2020 by

According to Juniper Research, six billion instances of biometric identity apps will be in use across the world by 2025. That’s right, six billion. Nearly enough for everyone on the planet to authenticate using their biometrics.

In a sense this is great news as the security of authentication takes a major step beyond usernames and passwords. But on the other hand, how many different biometric apps will we need to prove our identity? And perhaps a more important question: should we aim to have a plethora of identity apps in circulation?

The reason we’re heading for billions of identity apps is that virtually all today’s biometric authentication systems depend on the biometric capabilities of smartphones. Whether it’s face, voice or fingerprint, modern phones have been able to capture our biometric identifiers since the widespread introduction of sensors, beginning around 2012. Biometric identifiers are then held and managed locally on the device and that’s why an app is needed to interact and coordinate the device-based approach.

This is a problem on a number of fronts. Firstly, who really wants to have endless apps on their phone related to the various companies they interact with? Ok, we might tolerate five or six apps for the services we use frequently but we know users need to authenticate with hundreds of organisations. Nobody wants hundreds of apps. In fact, new research from FICO found only 36 percent of banks (an advanced sector for identity systems) capture and validate customer identities in the same channel, forcing users to download multiple apps to interact with a single bank.

But there’s a more fundamental problem with an app-based approach. It binds a person’s identity to the device that captures, stores and manages their biometric identifiers. So what happens if I lose my phone? If it runs out of battery? If it is an old model that can’t support the latest operating system? If I want to continue a shopping session on a larger screen? The list continues. The answer is: I can no longer prove my identity because it’s tied to that phone. This is actually a UX regression compared to passwords, because at least users can choose to authenticate on any device with a password.

UX constraints

At Nomidio we’ve long been surprised there hasn’t been more discussion about the UX constraints of the biometric authentication systems being widely deployed today. When we designed our own system we were determined to do it differently and took inspiration from the likes of Netflix along the way. We wanted a true cloud service where the computing and matching occurs on the server side, not on the device.

Nomidio relies on cloud-based biometric engines and an extremely secure and thoroughly encrypted cloud vault within which user biometric identities are stored. This combination means I don’t need to have a specific mobile phone with me when I want to login. It means a user can begin a shopping session on mobile and authenticate using their voice or face, before transitioning to a laptop for a more in-depth session. As long as the device has a camera or a microphone all the user needs is their voice or face and a browser.

So in summary, it’s true that there might be six billion biometric identity apps by 2025. However, we firmly believe that would be a peak as companies discover that the authentication experience is an important differentiator and opt for a cloud and browser-based approach instead.