Token authentication vs. biometric authentication systems

Ask the Expert

Token authentication vs. biometric authentication systems

How mature are biometric authentication systems, and do they really work? Would there be any point in swapping our existing token-based system for a biometric approach? And what type would you suggest?

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
  • By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

  • Safe Harbor

Biometric systems have been around for a significant period of time, and they have successfully made the leap from science fiction and movies to the real world. Early issues such as revocation and replay have largely been resolved, though compromise of the biometric storage system still remains an issue. Consider what happens if your biometrics are compromised where they're stored. What do you do if your fingerprints or retina scans are pinched? You can't very well go and get a new set!

That said, it's hard to forget your fingers on the way to work, unlike swipe cards, tokens and passwords. The problem with biometric authentication is that some over-zealous vendors are promoting them as a substitute for conventional authentication processes. They're not! Biometric systems make an excellent addition to security, and could be considered a substitute for token-based authentication, but they will never be a substitute for a username/password/PIN.

If you have currently made the investment in tokens and can manage the overhead that they create in terms of loss, replacement and staff education, then stick with them. Biometrics won't have a significantly lower support overhead, and it could be a great deal higher as users get the hang of exactly how to authenticate with them. The value from a token system is either wrong or right, not mostly right or mostly wrong, as would be a fingerprint match. Hence the learning and 'tuning' process for new users and your support team can be significant.


If you haven't implemented a second factor of authentication, then review both biometrics and tokens. Either would significantly complement your current security setup.

This was first published in April 2008


COMMENTS powered by Disqus  //  Commenting policy