With costs under control and accuracy unparalleled, the last remaining issue to the adoption of biometrics seems to be a lingering concern about its potential invasiveness, especially the technologies, like retina scanning of the back of the eyeball, that require close proximity to a reading device. There's also lingering concern that various hand scans could be used to collect fingerprints.
But that's not how it works. While biometrics may make you more efficient at matching your Web site visitors to the customer profiles you keep of them, it doesn't provide any more information about the user at the point of access than the typical password system. These concerns are usually ameliorated once someone begins using the technology, says Nanavati, a process that can be accelerated if the consumer has control of the actual scan template on, say, a portable smart card.
Some templates can fit on a pen or even the magnetic stripe on a credit card. The complementary PKI, smart card and biometric markets got a boost this spring when Microsoft announced support for all of them in future Windows versions, making it easier to build servers using them all. Multifactor security or carrying a "hardware token" may be desirable for logging on to your LAN or your online bank.
But carrying something around detracts from one of the big selling points of biometrics-convenience. In most cases, the use of random software keys in combination with biometrics should suffice, says Evans. After all, he points out, that's the beauty of relying on your body for security: "You can't leave home without it, you can never forget it and it doesn't change."