Skip to main content

Do old-fashioned passwords have a place in the world of facial recognition and biometrics?

(Image credit: Image source: Shutterstock/Ai825)

The trusty password is now 60 years old, and in the time of its existence, we’ve seen the introduction of innovative new security technologies such as biometric and facial recognition capabilities, which are being increasingly used in various areas of our lives.

Now when we head off on holiday abroad, ePassport checks at airports are taking advantage of this technology to cut down on queues at security points, and help identify any counterfeit passports being used. The same now applies for those looking to keep their feet on the ground when heading on holiday, with facial recognition technology being used on the Eurostar tunnel to speed up queue times at its terminals.

While it’s certainly encouraging to see these technologies finally being implemented in an age where using a password feels outdated, these integrations can come with risks. As the world gradually adjusts to a new normal, with more people working remotely for the foreseeable future as a second lockdown looms, security threats are likely to increase.

Concerningly, brute force attacks, where a cybercriminal systematically submits multiple passwords until they eventually gain access to the account, has been on the rise since the start of the pandemic. Of equal concern is that only 53 percent of those working in IT security report that their organizations change how their passwords or corporate accounts are managed following such an attack, leaving the business vulnerable to repeated cyberattacks in the future.

As the world of work has transformed, with many businesses now looking to implement remote working practices for the long term, security teams need to assume that all work devices in their network have now been compromised in one way or another – with workers logging in to multiple systems every day as they alternate between home and office environments.

This begs the question for businesses: will passwords still have a place in this new world or is it time to wave them goodbye and opt for newer methods?

The strength of passwords in the new normal

At the core of its benefit, a password is either right or wrong, and there’s no loophole to this. There’s a reason passwords have been used for so long and that is because they are effective. A traditional password can be reset regularly if necessary, and as many times as needed. If a password is breached, it can be changed or replaced which cannot be achieved in biometrics. However, if an

Biometrics and facial recognition have their obvious benefits in a world where cybercriminals have become increasingly sophisticated in their methods. We’ve all been guilty of forgetting a password from time to time. A common way to counter this is to write the password down on a post-it note, but some would argue that this goes against the basic principles of cybersecurity and should be avoided. Biometrics on the other hand remove the pain point of forgetting the password and the risk of trying to make sure you can remember it easily. They streamline log-in processes, making things smoother and arguably safer.

With this in mind, it’s easy to assume the aging password is ready for retirement as it approaches its 60th anniversary. Yet there are still many benefits to using a traditional password. For a start, there’s no grey area or margin for error as, for example, it has been shown that people have been able to open relatives' phones via facial recognition apps.

A hybrid approach

Taking these benefits into account, we can see that the traditional password is too robust a security method to retire completely. But businesses don’t have to choose between the traditional password and biometrics. They can have the best of both – a hybrid approach to security. The standard password should be used in tandem with other methods such as multi-factor authentication (MFA) and the encouragement of password complexity.

Through adding additional layers of protection such as sending an authentication code to your phone once you’ve entered your password, MFA ultimately allows your security capabilities to be expanded. The security of your organization will become more robust with every layer that’s added. What’s more, with MFA in place, there is no need for periodic password resets. Complex passwords which are now mandatory when registering on many websites provides further protection against your account being breached.

The use of biometric technology can be used in tandem with traditional passwords, adding increased protection. Some of the biggest corporations already run such systems, such as Apple giving users the option to login to their iPhones via face ID. If that fails for any reason, the user still has the option to use their traditional password. This could be the way forward in devising comprehensive security strategies.


Biometric and facial recognition technology certainly offer unique benefits, enabling speed and ease in place of passwords without jeopardizing security. But passwords still perform a vital role and do it very well. Traditional passwords shouldn’t be brushed aside to make way for new technology until that new technology is absolutely fool proof.

This is even more important when viewed in the context of remote working, where a multitude of devices are now being used in various locations while being connected to the company network. By implementing an effective combination of password protection and newer technologies such as biometrics, businesses can be rest assured that they are mitigating risk during a time where devices are less visible, both literally and in terms of the company network.

Organizations need to be aware of the risks that come with adopting biometric technology as a sole form of security, as the ensuing data breaches could be catastrophic. When used in tandem with MFA and password complexity, traditional passwords will continue fulfil their purpose in ensuring the ultimate level of security.

Rajesh Ganesan, vice president, ManageEngine

Rajesh Ganesan is vice president at ManageEngine.