Biometrics is rapidly improving authentication, leaving the password fading into history. To explore this evolution, we spoke with two experts in authentication technologies at Sopra Steria France: Etienne Loth, internal security market director and Yann Guegan, a specialist in biometrics and identification systems.
Imagine the scene: you’re rushing to catch your flight, desperately trying to access your boarding pass on your phone. Your password manager crashes, you’ve forgotten the (long) recovery phrase, and precious minutes tick away as you struggle with increasingly complex authentication requirements.
Now, imagine the same situation, but your phone recognises your face in a fraction of a second. This shift – from the friction of traditional passwords to the seamless experience of biometric authentication – represents one of the most significant recent changes in digital security.
What are the intrinsic challenges of a password-based system?
Yann Guégan: The problem with passwords is that you have to remember them. With technological progress, overly simple passwords can literally be cracked in 2.5 seconds. They must therefore become increasingly complex, which creates memory stress. Users end up bypassing this logic by writing passwords on a sticky note or in a file. Which, of course, is strongly discouraged!
This issue becomes especially critical in a professional context. In daily use, I feel distressed when my password expires – especially when the site requires me not to reuse the same ones for 3 to 5 years.
How does biometrics solve this paradox between security and ease of use?
Yann Guégan: Biometrics eliminates this problem: no need to remember anything – it’s who you are. Whether it’s a fingerprint, face, or iris, there’s no memory stress. In terms of friction, it’s the opposite. Your biometric data is stored only on your device. The system captures your face or fingerprint, generates keys that are transparent to the user, and it’s these keys that are transmitted – not your biometrics. This approach is directly applied in the solutions we deploy.
Etienne Loth: It has become a convenience, a given in everyday use. It’s a very effective speed factor, much faster than two-factor authentication systems (entering a password, receiving an SMS, then entering the code). It’s also more secure, since it’s much less shareable than a code.
That said, this evolution comes with new challenges. It introduces new risks: does the algorithm properly verify that the person is alive and not just a flat image? We are already seeing cases of hyper-realistic masks being used to bypass controls. But these risks remain marginal compared to the daily theft of passwords or databases.
Do you still observe resistance to biometric adoption?
Yann Guégan: There is a clear generational divide. Anyone born with a smartphone naturally accepts biometrics. The smartphone is the real driver of transformation. Concerns about biometrics mainly revolve around video surveillance, because it feels intrusive. When it’s my choice to use my biometrics to make life easier, the approach is entirely different.
Etienne Loth: This gradual acceptance is reflected in concrete deployments. Digital identity illustrates this well: a program with strict biometric requirements on smartphones that enables access to driver’s licenses, vehicle registration, and health cards. Today, there are more than 2 million digital identities. A biometric method is adopted if its purpose is clear and meets a real need.
Within this context, Sopra Steria develops solutions like Capitole, which enables biometric authentication using information stored in a passport chip, and its AFIS systems like Unify, widely deployed in Northern European countries.
How can biometric authentication address inclusivity challenges?
Yann Guégan: Complexity arises in facial identification, i.e., recognising one person among many. For authentication, we’re comparing a captured face or fingerprint against a limited set. With fingerprints, the older a person gets, the harder their fingerprints are to capture due to skin dryness. This is not true for facial recognition. Backup options and re-enrollment procedures must be planned.
Innovation, however, opens new perspectives. Promising “hidden biometrics” are emerging, such as vein recognition. This cannot be stolen and does not degrade over time. In South Africa, miners with unusable fingerprints authenticate themselves using their vein patterns to receive their pay. Multimodal authentication is also arriving – authenticating simultaneously with fingerprint and face, or face and iris, in a single gesture.
Can artificial intelligence create new risks for biometric authentication?
Etienne Loth: AI indeed has two sides. On one hand, it can quickly generate images, even 3D-printed masks. What was once hard to access is now easier. AI accelerates attacks – someone wanting to bring down a service can mass-generate facial images and use them in denial-of-service attacks.
On the other hand, AI offers opportunities for faster matching and larger data storage. Today, a face represents X recognition points. With greater capacity, we can normalise more points for more exhaustive comparisons.
Will the password ultimately disappear?
Yann Guégan: I believe so. It’s a deep conviction, especially since it is in the commercial interest of companies to ensure that logging in is not a barrier for potential customers. This shift seems inevitable, particularly as flaws in the current system multiply.
Etienne Loth: Passwords will become backup tools when necessary. The first instinct with complex passwords is to store them in browsers. Today, these vaults contain multiple passwords. When they are stolen, all of your accounts are compromised.
Recent events confirm these concerns, such as the discovery of a massive leak of 16 billion passwords affecting platforms like Apple, Facebook, and Google – highlighting the limits of browser-based password managers. Facial recognition is visible, but the real challenge is for tools to eliminate photo-based fraud.
What are the strategic challenges for Europe in this field?
Etienne Loth: France has real expertise in different biometric methods such as heartbeat, vein systems and voice. This is a strength of our ecosystem, made up of start-ups, research centres, and industry players. The only risk is failing to give them the opportunity to experiment and scale. Other countries invest heavily, allowing testing and trial. With unsuitable regulations, we risk stifling the French and European ecosystem.