Biometrics vs passwords: passwords - a weak link in an organisation's IT security

November 2006 Access Control & Identity Management

People tend to use short and easy-to-­remember passwords as they do not wish to be troubled each time they gain access to a system.

Biometric technology uses one or more physical identifiers to determine the individual's identification. This may be a fingerprint, iris or retina scan, hand size, vein scan, signature, voice, 2D or 3D face.

With biometrics, a biometric feature (face, finger, voice etc) is securely stored by the software and/or hardware during an enrolment stage. Once the user requires access to the system, a verification stage begins. In this stage, the individual who is present has his/her biometric identifiers compared against what is already stored on the database. If verified correctly, the user gains access to the system. There is no need to remember a long password by memory or to write it down, where it could be compromised.

People tend to be very trusting with passwords, either deliberately or by error. Passwords are then disclosed to unauthorised users. At other times, a password may be compromised by someone watching the user enter it into the system. With biometrics, there is no chance of this happening. The authorised user needs to be in place at that time to gain access to that system.

Another common habit is the use of the same password for several applications. In this scenario, if a non-authorised user gains access to an individual's password and the password is the same, all applications are open to him. With biometrics, each application will have the same level of security without the need for lengthy password lists.

Standard passwords require changing on a regular basis such as when users forget a password, a staff member leaves the organisation or simply as a security routine. These all lead to an increased load on the organisation's IT support. This also decreases the staff member's productivity and/or customer service, as he/she cannot gain access to their work. With biometrics, once the user is properly enrolled his biometric template will remain on the system until he/she leaves the organisation.

With traditional password-enabled systems, the IT administrator has no real proof of who accessed the system. The authorised user can argue that his password had been lost or compromised by an outsider. With biometrics, one has solid proof of the person's presence during access.

For those complaining of the cost, the financial benefits of biometrics far outweigh any of the initial or future costs involved in procuring hardware and/or software licensing.

Software and hardware biometric products are now available that can be integrated into almost any existing or new software application. With these, customers can easily replace standard password access control with biometric hardware and software.

For more information contact Nathan Bearman, Eagle Biometrics, +27 (0) 21 423 4943,,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

HID addresses identification challenges at ID4Africa
August 2019 , News, Access Control & Identity Management, Government and Parastatal (Industry)
Being able to verify people’s identities is critical for a nation’s growth and prosperity and yet HID says nearly half of all African citizens can’t prove who they are to vote, travel freely and receive government benefits and services.

Came acquires Turkish company Özak
August 2019, CAME BPT South Africa , News, Access Control & Identity Management
Came broadens its market horizons and signals growth and consolidation in the Middle East.

The benefits of electronic visitor management
August 2019, Powell Tronics , Access Control & Identity Management, Residential Estate (Industry)
Access control is a critical aspect of estate security as it represents the controls put in place to restrict entry (and possibly exit) along the outer boundary of the location.

Addressing risks by means of access control layout and design
August 2019 , Access Control & Identity Management, Security Services & Risk Management
In order to develop a suitable, practical and appropriate security system for any organisation, it is essential to first develop a master security and life safety plan strategy.

Secure hands-free access
August 2019, Suprema , Access Control & Identity Management, Residential Estate (Industry)
Suprema’s facial biometric terminals bring no-touch access into secure residential estates, high-rise apartments and luxury homes providing fast, easy and intuitive user authentication with the added benefit of hygiene.

MorphoAccess Sigma Extreme
August 2019, IDEMIA , Products, Access Control & Identity Management
MorphoAccess Sigma Extreme from IDEMIA is a touchscreen device with multiple recognition device interfaces (NFC chip reader, PIN and BioPIN codes, contactless card readers).

Outdoor access terminals
August 2019, Suprema , Access Control & Identity Management, Residential Estate (Industry), Products
Rugged, dust- and weather-proof access control solutions that provide exceptional durability in extreme conditions is a strong requirement for many residential estates.

MorphoWave Compact
August 2019, IDEMIA , Products, Access Control & Identity Management
The MorphoWave Compact captures and matches four fingerprints on either the right or left hand in any direction. It is robust to environmental factors such as extreme light or dust.

MorphoAccess Sigma Lite
August 2019, IDEMIA , Products, Access Control & Identity Management
IDEMIA’s MorphoAccess Sigma Lite and Lite + are fingerprint access control terminals, offering time and attendance in and out function keys.

Eliminating forced gate opening scenarios
August 2019, ET Nice , Home Security, Access Control & Identity Management
When activated by the gate forced open alarm feature, the transmitter transmits a wireless alarm signal up to 750 metres in any direction.