By this point we've become desensitized to the headlines about yet another online security breach. The news is usually followed by some idealistic advice informing users to change their passwords for all sites and ensure they are all unique. We're usually told that every password must contain both a capital letter and number, but must never be written down anywhere.

Considering our entire work and personal lives are spent online, how realistic is this advice? The average person is believed to have at least  19 passwords. Maybe we shouldn't be too surprised by the annual list of the most popular passwords, which includes gems like "password" and "login" and offers further proof that the current method of authentication is broken.

When Amazon filed a patent application to use image analysis for user authentication, it was greeted with a certain amount of caution. Is the world ready for pay by selfie?

None of us have enough brain power to memorize a Smörgåsbord of username and passwords. Biometric authentication is seen as the obvious solution. Most importantly, our fingerprints along with voice or facial recognition all offer more security than a password ever could. 

The concept of biometric authentication is rapidly becoming a reality, with MasterCard now rolling out features across the UK, US, Canada, Netherlands, Belgium, Spain, Italy, France, Germany, Switzerland, Norway, Sweden, Finland, and Denmark this summer.

The MasterCard Identity Check mobile app that will inevitably be nicknamed "selfie pay" will allow users to authenticate their online purchases through facial recognition and fingerprint biometrics.

MasterCard's identity check app authenticates the users by snapping a selfie. The app's secret sauce is monitoring the blinking of the person using the app. Any fraudster who tried to access your account by holding up a photo of you, would fail without your unique facial mapping and live blinking combination.

Consumer behavior suggests that we are all looking to simplify our lives. Convenience and security will be the big drivers when making purchases from our smartphones. Rather than the person constantly forgetting their password, the person is about to become the password.

The increase of sophisticated attacks from hackers along with the risk of fraud is a thorn in the side of banks too. Biometric technology could please both parties by just making life easier for the average user and increasing security to offer banks peace of mind.

MasterCard completed a trial of the biometric software in the US and Netherlands last year. The results of the trial revealed that 92% of its test subjects preferred the new system to passwords.

For those who feel uncomfortable with this latest direction, we only have ourselves to blame. As consumers, we have grown to detest the growing number of passwords in our lives--but by lazily using passwords like "123456," the world's most common, we put ourselves at significant risk.

The ability to verify online transactions using facial recognition and fingerprint biometrics seems like a natural step forward in the same way that paying for goods by handing over a handful of silver coins is starting to feel primitive. Maybe we need to accept that a humble password is no longer enough to secure our finances.

The demise of the password has already begun, and the new sheriff in town appears to be biometrics. What is often thought of being a few years away is already on our doorstep. The phones in our pockets already contain more about our life than we care to admit. But if we can offer greater security and convenience by utilizing this latest technology, is it such a bad thing?

The imminent arrival of the password replacement left me with more questions than answers. I reached out to MasterCard directly and was delighted to speak with Catherine Murchie, who is the Senior Vice President of North America Processing, Enterprise Security & Network Solutions on my podcast.

Published on: Apr 26, 2016