19 Jan 2021

With cyber threats targeting the enterprise reaching new heights last year, and the deadline for Strong Customer Authentication (SCA) just around the corner, companies operating within Europe will be wondering how to protect their users and workforce from threats, without adding further disruptions to workflow or complexity to the login experience.

Without disregarding the deadline for SCA, businesses must avoid rushing to adopt solutions that are inherently complex and insecure, such as those that are partly dependent on passwords or legacy 2FA authentication, as these methods can still leave private systems susceptible to threats.

Security and IT leaders must instead prepare to adopt intuitive authentication solutions that make strong, secure authentication as easy as possible for the user. To free one from the dependency on outdated authentication technology, one must start considering how user-friendly authentication technology, like biometrics, can be leveraged to enhance security.

Accuracy of biometrics

There’s really only one option when it comes to strong authentication: the simplicity and accuracy of biometrics can enhance security and the login experience all at once.

Biometrics are unique to each user and require little conscious effort, they can help solve many of the user's pain points

Since biometrics are unique to each user and require little conscious effort, they can help solve many of the user-experience and security pain points associated with more cumbersome authentication methods, like usernames and passwords, or email and SMS two-factor authentication.

Their inherent simplicity is the exact reason users have become becoming increasingly comfortable using biometrics to access their personal devices and accounts.

Users are ready for biometrics, is Europe?

However, despite the clear benefits, the adoption of biometric solutions at the enterprise level has been slow in Europe compared to Asia, Africa, and Latin American markets. One obvious reason for this trend is that companies operating in the European Union are under more regulatory pressure to protect sensitive biometric data under the General Data Protection Regulation.

Thus, processing sensitive biometric data, which cannot be readily changed in the event of a privacy breach, comes with an unprecedented level of responsibility — a burden that many businesses simply don’t want to carry.

The good news is that solutions leveraging privacy-enhancing technologies directly address the issue of privacy about the use of biometrics.

Privacy-enhancing technologies

Privacy-enhancing technologies can be leveraged to securely store private authentication data on the cloud

Privacy-enhancing technologies is an umbrella term for a range of advanced cryptographic techniques for processing, storing, and managing private data in a way that does not expose the data to any party involved in the process.

Privacy-enhancing technologies can essentially be leveraged to securely store private authentication data on the cloud using distributed systems. While this might not mean anything to the average user, the ability to securely store biometrics on a distributed cloud network is nothing short of revolutionary in cybersecurity.

Current biometric solutions — take Face ID for example — lock biometric data to a user’s device, essentially marrying a user to it and as a result creating a chain reaction of user-experience issues if the user loses access to that device.

Distributed cloud storage

Distributed cloud storage gives users more control, as they can essentially use one set of biometrics across multiple devices. In terms of user experience, this allows for features such as biometric-enabled account backup and recovery and multi-device registration.

In terms of enabling strong security, this means that companies can have greater assurance that a user is who they say they are (as each user only has one set of biometrics for all their devices).

For companies using legacy authentication solutions (usernames and passwords) that rely on centralized databases to store private credentials, the transition to private-by-design distributed cloud systems can reduce the impact of security breaches, helping to restore trust and improve relationships with employees, users, and external stakeholders.

The opportunity

Privacy-first solutions improve security and compliance posture, without impeding productivity or user experience

The future of security depends on the ability to make authentication fast, easy, and as minimally disruptive to the user journey as possible.

Solutions that replace cumbersome authentication methods, with user-friendly, privacy-first solutions will dramatically improve their security and compliance posture, without impeding productivity or user experience.

It’s up to companies whether or not they’re ready to embrace this step change. Those that do will become significantly more resilient to threats, and attractive to customers.