How Biometrics Technology Is Changing Businesses' Security

As biometrics becomes more precise in confirming identities, a growing number of businesses are using one or more types of the technology to grant employees access to facilities, devices and data.

Karen D. Schwartz, Contributor

July 27, 2021

5 Min Read
iris scan for identity confirmation
Getty Images

You walk up to the door of your office building, stare at a screen for a second, speak your name into a wall-mounted microphone, and the door magically opens. You take the elevator to your floor, sit down at your desk and start your workday. On the days when you work at home, the process is somewhat similar: You sit down at your desk, stare into the camera of your laptop, press your finger on the pad, and your office desktop becomes immediately available on your home laptop.

If you haven’t experienced this type of identity and access checking on the job, it’s probably just a matter of time. But it’s probably already familiar to you in your personal life. Biometrics has become part of the everyday world: mobile phones with touch ID, smart doorbells with facial recognition capabilities and voice authentication for customer service, just to name a few instances of biometrics technology at work.

At its core, biometrics refers to either physical or behavioral characteristics used to verify a person’s identity before granting them access to facilities, devices or data. Unlike passwords, which are relatively easy to evade, biometrics are unique to each individual, permanent, measurable and forgery-proof. And in the post-pandemic world, biometrics—especially contactless types—have become even more important.

“It’s not that biometrics is more or less secure. It’s that it ties you to your identity and confirms that you are who you are claiming to be,” said Ondrej Krehel, CEO of LIFARS, a cybersecurity services company based in New York.

And over the past few years, biometrics technology has become more precise in terms of identification, mainly due to advances in machine learning technologies, said Kirill Kruglov, senior research developer for Kaspersky. “These days, biometrics allows us to identify a person by using many factors at once—face, voice, behavior and even style of typing on a keyboard—even if any single piece of information is fuzzy.”

For all of these reasons, biometrics is exploding in the business world. According to KPMG, 38% of companies have increased their investment in biometrics by 20-39% compared with the previous year, while 16% have increased spending by 40% or more.

Businesses are using biometrics technology in many ways. In addition to securing mobile devices, other research finds that 17% are using it for their time clock system, 11% for server room door locks, and others for email usage and applications with sensitive data.

Types of Biometrics

While there are many types of biometrics, including gait recognition and DNA, the following are the most common in the business world:

Fingerprints: Many people use fingerprint scanners in their daily lives, so adoption in the business world isn’t a big leap. Fingerprint scanners are increasingly common for computer access and physical access to buildings and offices within buildings. Depending on the type of scanner used, the system either analyzes a digital image, measures the distances between each part of the finger or uses ultrasound to map the finger. It is one of the most common types of biometric authentication. Even more advanced and accurate is vein recognition, which examines the unique veins in a person’s finger using infrared light. An offshoot of fingerprint and vein recognition is hand geometry, which identifies users from the shape of their hands.

Retina/iris recognition: This type of biometrics uses infrared light and an IR-enabled camera to identify a person through the unique pattern of their iris or retina. It is considered highly accurate.

Facial recognition: Facial recognition systems identify a person by mapping facial features such as the distance between the eyes or length of the jawline to a database of known faces to find a match. Increasingly, these systems are three-dimensional.

Voice recognition: Voice biometry verifies identity by comparing a person’s tone, pitch and frequencies to a previously stored template of their voice. Recent testing shows just a 0.01% false acceptance rate.

Behavioral identifiers: This is another category of biometrics, separate from physical biometrics. Typically, it uses a variety of factors about a person's work environment—like mouse and keyboard movements, how they write, the way they hold objects, how they gesture and how they walk, along with physiological characteristics—to build a profile of the user. That way, a company can be sure that it’s the correct user, not someone else, typing at their keyboard.

Trust but Verify

As effective as biometric identification is, it always pays to be cautious. That’s why experts still recommend using two factors—either two biometric factors, or one biometric factor and something else, like a password.

Being able to fully rely on biometrics without combining it with other forms of authentication is still a way off, said Merritt Maxim, a vice president at Forrester Research. “At this point, you’re probably still going to want a PIN or something like that to provide a higher level of authentication. I don’t think we’ll see a complete biometric solution in the near future.”

While adoption among businesses is growing rapidly, Maxim said there are mitigating factors, such as the cost of biometric readers and integration with other systems. “That’s why passwords are still prominent—they work with anything. Biometrics may have a limited utility, at least for now.”

Others voice concerns about privacy, citing the danger of companies collecting personal data about employees that, if intercepted by others, could prove dangerous to them. That’s why Forrester recommends that organizations planning to deploy biometric authentication consider privacy implications beginning with the initial planning phases. The firm recommends prioritizing respect for users’ personal data and using regulatory compliance as a starting point.

About the Author(s)

Karen D. Schwartz


Karen D. Schwartz is a technology and business writer with more than 20 years of experience. She has written on a broad range of technology topics for publications including CIO, InformationWeek, GCN, FCW, FedTech, BizTech, eWeek and Government Executive

Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.

You May Also Like