• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Our Services
  • Contact Us
  • Newsletter
  • Top Nav Social Icons

FindBiometrics

FindBiometrics

Global Identity Management

  • Biometrics
    • What are Biometrics?
    • FAQ
    • Biometric Associations
    • Companies
    • Premier Partners
  • News
    • Featured Articles
    • Interviews
    • Thought Leadership
    • Podcasts
    • Webinars
    • Year in Review
  • Applications
    • Biometric Security
    • Border Control and Airport Biometrics
    • Consumer and Residential Biometrics
    • Financial Biometrics
    • Fingerprint & Biometric Locks
    • Healthcare Biometrics
    • Justice and Law Enforcement Biometrics
    • Logical Access Control Biometrics
    • Mobile Biometrics
    • Other Biometric Applications
    • Physical Access Control Biometrics
    • Biometric Time and Attendance
  • Solutions
    • Behavioral Biometrics
    • Biometric Sensors and Detectors
    • Facial Recognition
    • Biometric Fingerprint Readers
    • Hand Readers & Finger Scanners
    • Iris Recognition
    • Biometric Middleware and Software
    • Multimodal Biometrics
    • Physiological Biometrics
    • Smart Cards
    • Vein Recognition
    • Voice and Speech Recognition
  • Stocks
  • Events
  • Companies
  • Podcasts

‘Kids Do What They’re Taught’: How to Get the Next Generation Off of Passwords

September 17, 2021

At this point, the consensus is clear. Passwords are a vulnerable and outdated security measure, and data will be safer once organizations and individuals progress to stronger forms of authentication. The problem is that it’s difficult to move people away from what they know. Tech insiders may be familiar with more effective technologies like biometrics and security keys, but many members of the general public cannot even conceive of a security framework predicated on something other than a secret string of letters and numbers.

 'Kids Do What They're Taught': How to Get the Next Generation Off of Passwords

That’s why the a recent study from the NIST was so concerning. The study looked at the password habits of young children, and revealed that children exhibit many of the same bad behaviors as their parents. People of any generation tend to reuse passwords, and share those passwords with their friends. In that regard, the study suggests that passwords are inherently flawed, at least to the extent that they incline people towards poor security practices.

The real issue is that the study shows that those practices are being perpetuated. Despite all of the attempts to raise awareness about other security technologies, passwords are still the primary security measure for another generation. The longer that goes on, the more that behavior becomes entrenched, which further delays the rise of passwordless authentication.

So how do you combat that problem? And what implications does the NIST study have for those working to get rid of passwords?

Teachers First

According to FIDO Alliance Executive Director and CMO Andrew Shikiar, the NIST’s findings do not necessarily change the task currently facing privacy and security advocates. He thinks the next generation will be fine because it’s easy to teach kids new tricks.

“People can have behavioral change. I’m less worried about kids than I am about adults because kids are very malleable, for better or for worse,” Shikiar said. 

“Kids do what they’re taught. They don’t always do what they’re told, but they do what they’re taught, and they’re being taught by teachers who have been using passwords for all their lives.”

The problem, then, isn’t that kids are learning bad habits (though that’s obviously less than ideal), but that teachers are still passing on the same assumptions that they learned when they were younger. After all, most of us were raised with passwords, and recognize them as the thing that stands between our secrets and potential cybercriminals.

The upshot is that if you want to reach kids, you first need change the minds of the parents and teachers that have been entrusted with their care. Fix that problem, and the next generation will sort itself out in time.

“The education market isn’t always the most nimble, but there’s a good opportunity to not only practice better authentication habits today, but in doing so, to educate tomorrow’s users, the next generation, on practicing better login hygiene,” Shikiar said.

Market Change

Of course, getting older people to unlearn their habits is easier said than done. Thankfully, Shikiar believes that it is possible to achieve that cultural shift with the proper messaging.

“At the end of the day, not entering a password is easier than entering a password, but people aren’t accustomed to that,” he said. You just need to find a way to convince people that the technology is safe in order to get them on board.

“How do you get people to choose to enroll a biometric?” Shikiar asked. “What’s the right terminology? What’s the right iconography? What does the user journey have to look like to get someone to enroll, and then utilize, a biometric authenticator versus a password?”

 'Kids Do What They're Taught': How to Get the Next Generation Off of Passwords

The fact that passwordless authenticators are so easy to use is ultimately what makes them easy to teach. In FIDO’s own research, people are initially reluctant to use biometrics. However, Shikiar indicated that the vast majority (97 percent) are eager to use the technology once they understand what is happening, and how it works. The market has also borne that out, most notably with the debut of Touch ID.

“Apple has proven that it’s possible to consumerize better security and better logins,” Shikiar explained. “When Touch ID first came out, people are like, why would I need to do that? I can just use my PIN code to unlock my phone. But all of a sudden people liked Touch ID. The mass consumerization of biometric technology on handsets, and the widespread acceptance of that as a preferred means to unlock, tells me that it’s not a huge leap to get people to go understand what I do to unlock is now what I do to log in. That’s a small leap.”

The challenge now is to build on that success. Passwordless technologies like security keys and biometric authentication are already sophisticated enough to deploy at scale. That means that public perception is the only thing slowing adoption rates. Companies like Samsung and Google followed in Apple’s footsteps with fingerprint sensors and facial authentication in modern smartphones, and a similar push could create a similar shift with other sectors and devices.

Ask for Permission

While changing adult minds can lay the groundwork for cultural change, it is not necessarily sufficient when it comes to protecting children. There are unique legal considerations when dealing with minors that aren’t there when dealing with consenting adults, especially when it comes to the collection of biometric data. After all, how can you use biometrics to verify a kid’s identity if that kid cannot give you permission to use that data in the first place?

To an extent, educators can sidestep the problem with technologies like security keys. Those kinds of device-based solutions may not be good for young children who are apt to lose them, but they can be effective for older students. For example, teachers could hand out security keys at the high school and university level, and the students could use those keys (instead of passwords) to log into shared computers, or to log into remote learning tools.

However, Shikiar believes that there is still a role for biometrics at any age. He drew a distinction between remote and local authentication systems, and argued that the latter can enable the safe use of biometric data for kids since it does not involve any data collection.

“I’d be fine with my kids using biometrics on a Chromebook as long as it was stored locally on that device,” said Shikiar, who has a 9-year-old and a 10-year-old of his own. “If they want to use biometrics, they should use the technology that’s built into devices that kids are using [to access educational materials]. Use local authenticators to let kids log in.”

As it relates to kids, local technologies minimize the legal exposure for tech developers because there is no database for hackers to break into, and the company cannot access or exploit the data for commercial purposes. The actual biometric data (whether it be a fingerprint, a faceprint, or some other modality) stays on the device, and remains in the possession of the individual who registered it. That also means that businesses do not need to ask for consent (even for minors), since they are not asking to see, store, or use any sensitive information.

For Shikiar, that makes it the only viable biometric authentication option for minor citizens. One of the main drawbacks of passwords is that they are stored in a centralized location, and server-side biometrics only recreates that problem.

“Even a strong password can be manipulated out of your hands. It can be stolen off a server,” Shikiar concluded. “Until we get rid of these server-side credentials, we won’t be able to break the cycle of credential theft, credential stuffing, and data breaches.”

*

Whatever the case, the simple fact of the matter is that the current generation of children is being raised online. They are gaining access to online services from a young age both at school and at home, and that means that their caretakers need to make sure that those outlets are as secure as they would be for an adult. The NIST survey demonstrates that parents and educators have not yet accepted that responsibility, and that needs to change if the tech industry wants to cultivate a truly passwordless society. 

–

(Originally posted on Mobile ID World)

Related News

  • Auth0 Promotes Passwordless Security With New WebAuthn SolutionAuth0 Promotes Passwordless Security With New WebAuthn Solution
  • BindID IoT Security Solution Leverages Face, Fingerprint BiometricsBindID IoT Security Solution Leverages Face, Fingerprint Biometrics
  • On-Device Biometrics Month: The PrimerOn-Device Biometrics Month: The Primer
  • In Pursuit of Digital ID: Identity News DigestIn Pursuit of Digital ID: Identity News Digest
  • [Speakers Announced] Join FindBiometrics For a Virtual Identity Summit About All the Hottest Identity Markets[Speakers Announced] Join FindBiometrics For a Virtual Identity Summit About All the Hottest Identity Markets
  • Want to Know What’s Next for Biometrics and Digital ID? Take Our SurveyWant to Know What’s Next for Biometrics and Digital ID? Take Our Survey

Filed Under: News Tagged With: authentication, Biometric, biometric authentication, biometrics, facial recognition, FIDO Alliance, FIDO authentication, fingerprint recognition, mobile biometrics, passwordless authentication

Primary Sidebar

Want To Deploy Biometric Access? Download This First:

The resources in this bundle will give you the know-how to choose the right biometric access for your organization.

Sponsored Links

facetec logo

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

TECH5 logo

TECH5 is an international technology company founded by experts from the biometrics industry, which focuses on developing disruptive biometric and digital ID solutions through the application of AI and Machine Learning technologies.

TECH5 target markets include both Government and Private sectors with products powering Civil ID, Digital ID, as well as authentication solutions that deliver identity assurance for various use cases. 

Learn more: www.tech5.ai

With its secunet border gears product portfolio and specialised consulting expertise, secunet supports police forces and security authorities in their sovereign tasks. Whether ABC gates, self-service kiosks or biometric middleware – each component helps to strengthen identity protection and to accelerate verification – in mobile and stationary scenarios.

Mobile ID World Logo

Mobile ID World is here to bring you the latest in mobile authentication solutions and application providers. Our company is dedicated to providing users with the best content and cutting edge information on technology, news, and mobile solutions for your mobile identity management needs.

Recent Posts

  • Highlighting Biometric Security, NC DMV Head Pushes for Mobile Driver’s License
  • NY Attorney General Takes Aim at Madison Square Garden: Identity News Digest
  • [New Sponsors Announced] Feb 15 Virtual Summit Sessions Announced: Digital ID in Healthcare, Financial Services, Travel
  • After 250% Revenue Spike, São Paulo Onboarding Startup Goes Global
  • In Pursuit of Digital ID: Identity News Digest

Biometric Associations

IBIA and fido

Tweets

Footer

  • About Us
  • Company Directory
  • Advertise With Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Archives
  • CCPA: Do not sell my personal info.

Follow Us

Copyright © 2023 FindBiometrics