
Traditionally, if you implemented a technology to authenticate a user, you did it for reasons of security. This included passwords, PINs, tokens, and biometric recognition. If you’re in the business of creating or implementing these technologies or related systems, you’d generally be considered to be operating in the IT security or physical security industry. Why is that?
It may seem like an odd question to pose since we often implicitly assume that these technologies have the singular purpose of keeping the “bad guys” out while letting the “good guys” in. This is most certainly a security problem. But is user authentication only useful to address this type of security problem? Most definitely not.
User Authentication is a Pain for Everyone
But before we get ahead of ourselves, back to the original question: why are we stuck with this “security” tunnel vision? The only answer I can come up with is that, traditionally, it was hard to perform reliable user authentication. Either it was hard for the user, or it was hard to create the technology, or both. Passwords are a pain to remember and to enter (especially in this day and age with mobile devices). Short PINs are a sort of compromise, but not a great one since they’re still a pain to enter and remember, and are not usually very secure. Tokens are annoying to carry around and not lose. Biometrics like fingerprints have traditionally been hard to make reliable while being quick and easy for the user. I could go on…
The point is, it’s a pain for everyone, and so you’d only require user authentication if you really had to. And you generally only really had to if it was an issue of security.
But What If it Was Easy?
So, what if it was easy for a system or device to recognize the user? Or, more specifically, what if it was easy for the user? This is what Bionym’s HeartID is all about: user authentication with a simple touch. If it’s easy, then why limit it to be for security purposes only? This leads me to the question I’d like to throw out there to all app and video game developers, hardware manufacturers, and systems designers:
What function or feature would you implement if you always knew who was using your system without requiring the user to do anything?
Think: automatic personalization. What does that mean for the user experience? What does that mean for the next generation of applications and services?
The Face Recognition Example
I don’t know where all of this is heading, but it’s going to be interesting! We do have an early parallel example to look at: face recognition. Now, face recognition is usually used for identification rather than authentication (Bionym’s FaceID is an exception), but, regardless, it was traditionally a security technology (border screening, etc.). Now we see it being used for face tagging in photos, video searching, etc. It’s still early, but we see developers getting creative and seeing the technology in a much broader scope.
So, let’s think outside the box. What would you do if user authentication was easy?


Welcome. We’re starting this blog as a way to share our thoughts and discuss various topics related to biometrics, privacy, and data security (the three themes that define and inspire Bionym). I’m Karl Martin, President & CEO of