Free Enterprise - The FindLaw Small Business Law Blog

Should You Dump Employee Passwords for Facial Recognition?

One of the big new features on Apple's iPhone X is Face ID. What Touch ID did with your fingerprint, Face ID does with your face -- using facial recognition to unlock the phone, authenticate purchases, and sign in to apps. And while Face ID may make your phone less secure in the criminal law context, it might be music to the ears of employers, who won't have to worry about negligent employees mishandling their passwords.

So how might facial recognition work in the workplace? And is it time for your small business to make the upgrade?

Losing Passwords

The results from a recent survey by security firm Secret Double Octopus (yes, its real name) won't be shocking to cybersecurity-minded employers, but they are disheartening nonetheless: 23% of all employees surveyed said they rely on paper notes to remember their passwords; 14% admitted to sharing their work passwords with colleagues or other people; and 21% use work-related passwords for non-work related online services.

For those not horrified, imagine an employee using their work password to access Amazon, Facebook, or Netflix, and now imagine the access to your company's information that employee has. In a nutshell, employee passwords may be the only things standing between your small business and a data breach, and your employees are really bad at keeping those passwords secure. Almost two thirds of all employees surveyed claim they rely on paper notes, documents, or apps to store work-related passwords.

Saving Face

So what are employers to do? Well, to hear their careless employees tell it, give them facial recognition instead of passwords. 73% of employees surveyed said they would prefer Face ID to passwords if given the choice, and 70% categorized Face ID as "extremely or very trustworthy." Keep in mind the survey was conducted before iPhones with Face ID were even released to the public. (This may also be a good time to point out that Secret Double Octopus specializes in password-free, keyless authentication technology that it sells to businesses.)

"The results demonstrate the need for organizations to seriously consider the impact Face ID will have on their security environment and explore how they can leverage the technology both as a second-factor authentication measure," said Secret Double Octopus CEO Raz Rafaeli, "as well as a way to replace passwords altogether because that is where we are headed."

Some employers are already rolling out facial recognition software to replace passwords, and the Economist also reported in September that better, cheaper facial recognition technology is on the way. So it may be time to switch your employee authentication systems away from four or five passwords that you staff has to change four or five times a year (good luck with that), and to a simpler, smiling face for security.

Related Resources: