Biometrics: Secure And Convenient Access In The Workplace
Modern working life has changed dramatically in the last decade. Driven by the growth of a millennial workforce, working behaviours and communications are more agile, digital and mobile than ever before. Remote working has risen 140% since 2005, a figure that will undoubtedly continue to rise in light of the pandemic. And its benefits are well studied: people are more productive, more motivated, and report a better work-life balance.
The traditional office space and the digital collaborative working platforms we access both inside and outside of “work” have changed. In turn, there is a requirement for increasingly sophisticated access control and security products and systems. Today, and in the future, biometrics can play a crucial role in empowering workplaces both physically and digitally.
Biometrics: accessing the right area
Physical access and alarm systems are the first, and perhaps the most obvious area, biometrics is securing workplace access control – whether it’s to access office buildings, manufacturing floors, or even private rooms and safes.
The humble key is easily lost and stolen, yet still represents 80% of door lock security
The humble key is easily lost and stolen, yet still represents 80% of door lock security. And while digital solutions are gaining traction, PIN entry not only offers a poor UX, but requires close management, given its vulnerability to loss and misuse. Access fobs and badges pose similar challenges. Say, for example, an employee loses his badge to a restricted lab or highly confidential development centre on his commute - the security of the building is instantly compromised.
By adding biometric authentication to cards or fobs, employers need no longer worry about them falling into the wrong hands. Without the correct user to authenticate, access to buildings, business operations and company files remain secure without needing to update any management systems. Moreover, by using this personal ‘on-device’ approach, employees no longer need to worry about the hygiene of shared sensors or PIN pads. Meanwhile, businesses can also avoid the technical and legal challenges of needing to manage a biometric database. A win-win.
Touch-free biometric solutions are another compelling way biometrics can not only improve security, but the user-experience and personalisation of security systems. Today, many touchless authentication solutions are combining the strong security of iris authentication with facial recognition to offer a compelling balance of security and convenience. This combination also means a reduction in false rejection due to physical changes, as it continues to authenticate even when wearing sunglasses, face masks or in bright sunlight, for example.
Touchless solutions can bring benefits to numerous use cases and settings. Firstly, they can be utilized for mobile credential authentication on personal devices for seamless access to company servers, apps, or VPNs. It can also be implemented in traditional physical settings, offering the capability to alter access rights for personnel too. An R&D lab or healthcare setting is a good example here where restricted access to areas is in high demand, but would also benefit from a hands-free, seamless entry.
Computers and laptops sit at the heart of the modern-day business set-up – whether at home, in the office, or on the move. In parallel, the evolution of modern working behavior changes has seen the number of applications, cloud-based services and shared VPN drives used reach an all-time high. While the benefits are numerous, the extensive PIN and password management that accompanies this is problematic.
6 out of 10 users felt they had too many passwords
For users, they are a source of frustration and anxiety – our research found 6 out of 10 felt they had too many passwords, and worried about forgetting them. In turn, many are all too familiar with the laborious process of setting a complex password, forgetting it, and needing to reset again after several failed attempts. While complex password requirements (such as requiring capitals, numbers, and special characters) mitigate risk in theory, in practice they create a major point of friction in the user experience and require significant management.
From a business perspective, security and cost concerns are even greater. Microsoft reportedly spends around $12 million a month on forgotten passwords. Worryingly, workplace security breaches are increasing too, with 54% of IT professionals reporting an increase in phishing attacks according to a recent Mimecast report. Here, the end-user is usually the weakest link due to easily guessed passwords, complacency, and the use of the same password across multiple apps and accounts.
Biometric authentication via unique personal devices such as USB dongles, or by utilizing on-device authentication on a smartphone offers simple and frictionless way to increase security for the enterprise, free up IT teams and offer a better user experience to employees. FIDO-certified solutions are just one compelling solution supporting this. Plus, biometrics can also be used to authorize selected employees to access restricted areas of an organization’s network, protecting confidentiality. Meanwhile, with 80% of smartphones now featuring some form of biometrics, utilising biometric authentication for smartphone applications in the workplace can also be done at a relatively low-cost investment.
With more flexible working in place, many workplaces now operate a ‘hot desk’ system or share devices such as printers between colleagues. This is another instance where biometrics can be used to simplify access to personalized settings or employee accounts.
In the future, this could even be integrated into wider office use cases, such as personalizing the air conditioning preference in meeting rooms or unlocking your personal settings on the coffee machine with a simple touch or gesture.
More with multimodality
Multimodality layers more than one type of biometric authentication to increase security and improve functionality and ease of use. For example, combining fingerprint with facial or iris to verify someone’s rights to access a secure manufacturing floor. While spoofing a fingerprint is challenging enough, spoofing a fingerprint and iris at the same time is near impossible. What’s more, by combining more than one modality, access control product manufacturers can reduce the false rejection rate (FRR) to deliver even smoother experiences.
Secure, seamless authentication
For enterprises, adding biometrics needn’t be a full ‘rip and replace’ solution. In fact, it can be added as a complement to existing solutions for added security without creating additional user friction. A biometric card or key fob can replace existing contactless access cards without big investments, or a biometric USB dongle can be added to email or VPN login to significantly enhance security, without infringing ease of use.
A biometric card or key fob can replace existing contactless access cards without big investments
To meet this demand, our access control service and solution partners are integrating biometrics for a wide range of physical and logical use cases. It’ll be unsurprising that locks and alarms are top of the list, but with the rise of widespread remote working over the last 10 years and the fight against PINs and passwords being led by organizations like FIDO, logical access for VPNs and work and time attendance, for example, are coming to the fore.
Overall, biometrics can not only play a role in securing the modern workplace (wherever that may be), but can also give time and money back to IT and security teams. Most importantly, it can be a tool to empower workforces, driving efficiency and productivity through improved convenience and greater flexibility over how, when and where they work.