With cybercriminals using increasingly sophisticated phishing and brute-force attacks, there’s a growing need for more robust authentication when logging into websites. While strong passwords and two-factor authentication (2FA) are widely used, biometric authentication offers even greater security while being more user-friendly. In this post, we examine how website owners can benefit from and implement biometric logins.
Contents
Why passwords are no longer enough
Passwords are inherently insecure. According to the Institute of Engineering & Technology, 20% of people use the same password for multiple websites and devices, while half the population have passwords containing either a significant date or a pet’s name . Cybercriminals armed with modern brute-force tools could crack these passwords in seconds and log in to all the accounts using the same credentials.
While 2FA provides an extra layer of protection, it relies on codes sent by text message or created on authenticator apps. Not only do many users find 2FA annoying, but the codes can potentially be intercepted by criminals. For businesses and website owners, reliance on passwords is increasingly risky. What is needed is a method of authentication that is more secure and user-friendly.
Make sure your site is fully protected. Read: Defending Your Website: A Security Checklist for Site Owners
What is biometric authentication?
Biometric authentication is a secure login protocol that uses a person’s unique physical characteristics to verify their identity. These include fingerprint scans, facial recognition, voice authentication and iris or retina scans.
Unlike passwords, these physical attributes can’t be guessed, shared or phished, while they are often quicker to use than inputting a username, password and 2FA code. Moreover, as they are usually stored on the user’s device, there is minimal risk of interception or theft from a centralised data storage.
The latest technologies also use various techniques to prevent the use of AI cloned voices, photographs, face masks and videos being used to thwart biometric authentication.
How to implement biometric logins
There are two main ways that website owners can implement biometric logins. The first is using the WebAuthn API. While this approach meets modern standards in web security, it is technically challenging to implement and would require an experienced team member or developer to implement. Part of the FIDO2 framework and supported by major browsers and operating systems, using WebAuthn would enable website owners to:
- Let users log in using their device’s built-in biometrics.
- Authenticate admins or contributors to CMS, like WordPress or Joomla.
- Protect access to dashboards, client portals and admin panels, etc.
For most website owners, an easier option would be to install a biometrics plugin or add-on. There are several of these now available in the WordPress Repository. The Secure Passkeys plugin even uses WebAuthn technology to enable passwordless authentication, while AwareID’s Identity Verification plugin offers biometric enrolment and authentication for all users, using advanced facial biometrics and document verification.
Run a WordPress website? Read: 10 Proven Ways to Strengthen WordPress Security
Where to use biometric logins
Any area where a cybercriminal can use compromised passwords to cause damage is somewhere you should consider implementing biometrics. This includes:
- Website dashboards: I.e. areas that contain user information and website settings.
- Customer portals: If users log in to use your site, you can use biometrics to protect the information stored in their user areas.
- Online stores: Use biometrics to protect customer payment data, personal profiles, addresses and order histories.
As some users will not want to use biometrics and others may not have compatible devices, you should offer alternative login options, such as 2FA, as a failsafe.
Security and privacy considerations
In the UK, biometric data is regarded as ‘special category data’ under GDPR and the Data Protection Act 2018. This means that if you store such data, you will need to put robust security in place and comply with stricter standards. However, if you use WebAuthn, biometric data is stored locally on users’ devices and not collected.
The future of biometrics
In the future, biometric authentication is likely to become more widely used for keeping websites and apps secure, as well as for verifying hosting account logins. At present, however, most web hosting providers still rely on 2FA for defending their client portals. This is also true of most control panels, including cPanel and Plesk.
Other advances may include:
- Multimodal biometrics, where fingerprint, facial and voice recognition are combined to reduce the risk of spoofing.
- Behavioural biometrics, which analyses an individual’s typing rhythm, mouse movements and touchscreen behaviour.
- Continuous authentication, where the user’s identity is continuously verified in the background, whether by regular facial scanning or looking for changes in typing behaviour.
Using a free hosting service? Read: Free Web Hosting: Expensive Consequences and Hidden Security Risks
Conclusion
Biometric authentication is a highly secure way to log in to accounts without needing to remember complex passwords or generate additional codes. Moreover, it uses unique personal identifiers, such as facial and fingerprint characteristics, that cybercriminals can’t access, steal or guess. Using the WebAuthn API or plugins like Secure Passkeys, you can now integrate biometric authentication within your website, protecting admin access and user accounts from hackers.
Looking for secure hosting? At Webhosting UK, we protect your site using advanced firewalls, intrusion and malware prevention, free SSL certificates, spam filtering, password-protected directories and more. We also offer cloud-based backups and state-of-the-art tools, like Imunify360. For more information about our secure hosting solutions, visit our homepage.
