Global bank HSBC has just taken a big step toward enabling users to ditch insecure passwords for high-tech authentication tools such as voice recognition and fingerprint identification. The company today said it would begin offering those options to customers in the U.K. using its mobile app or telephone banking services.
“Today’s announcement signals a shift in the right direction,” said Angela Sasse, director of the UK Research Institute in Science of Cyber Security, in an HSBC statement. “As essential services such as banking become accessible via less effortful and secure authentication technologies, consumers will expect that other day-to-day services make security easier for them, and biometric solutions such as this one will play a leading role in that.”
Security Measures Not Keeping Pace
The bank is calling the rollout the largest ever implementation of biometric security measures in the U.K. HSBC said it anticipates the new security tools will be made available to approximately 15 million customers in the U.K. by the summer. The bank is then planning to bring the biometric technology to customers in Hong Kong, Mexico, Canada, the U.S. and France.
“While technology has evolved at pace, the security measures we use in everyday life have not kept up with the rate of change,” said Tracy Garrad, chief executive at HSBC’s first direct online banking division, in the statement. “Our voices and fingerprints are unique, with physical and behavioral characteristics almost impossible to mimic. While this is the largest roll out of voice ID in the U.K. banking, other industries will soon follow our lead.”
According to the company, the voice biometrics technology works by cross-checking against more than 100 unique identifiers and includes behavioral features such as speed, cadence and pronunciation, and physical aspects such as the shape of larynx, vocal tract and nasal passages.
Customers who choose to opt-in can enroll their “voice prints” and will no longer have to remember or recite security passwords or PINs. Meanwhile, mobile users with iOS devices will be able to use Apple’s Touch ID system to access their accounts through their mobile devices.
Passwords Too Insecure
The steady increase in high-profile attacks against password-protected systems has eroded trust in that method of securing data. Passwords often lack the length and complexity necessary to guard against even the simplest brute force attacks. To make things worse, many people also reuse the same passwords for multiple sites.
We reached out to Ant Allan, research vice president at Gartner Inc., who told us that HSBC’s biometric tools are in line with other tools rolled out by banks such as Wells Fargo. “Touch ID integration with mobile banking apps is widespread,” he said. However, the Touch ID system isn’t necessarily more secure than passwords. The system uses “relatively few points of comparison and relatively low matching threshold” to improve the user experience, he said.
Rather than better security, the real benefit is a better user experience, according to Allan. HSBC said it plans to begin enrolling clients over the next several weeks.
Image Credit: HSBC headquarters U.K., courtesy HSBC.