PITTSBURGH - Banks were the first to teach us that we couldn't live without passwords. Now they're showing us that we can.
Big banks increasingly are offering customers the option of using fingerprints, voices, retina scans and other biometric technologies to access their accounts instead of passwords.
Convenience for customers and better security in a time of rampant data breaches are fueling the switch.
Biometric authentication is "difficult to mimic and easy for people to use," said Tom Trebilcock, senior vice president of digital at Pittsburgh-based PNC Bank, where customers with Apple iPhones equipped with Touch ID have the option of ditching passwords for fingerprints.
"Looking out years from now, I expect the days for passwords are numbered," he said.
PNC has been offering fingerprint access to mobile banking customers through its virtual wallet mobile app since September, and to its other iPhone-equipped customers since June.
Citizens Bank, based in Rhode Island, offers a similar service, while First National Bank of Pennsylvania, headquartered in Pittsburgh, is set to launch its iPhone-based verification service later this year.
"It's been pretty popular," PNC's Trebilcock said of fingerprint access, declining to disclose the number of customers using it. For now, only customers with iPhones can use the service, but the bank is exploring the addition of Android-based phones.
In part, passwords have been done in by their ubiquity. With so many passwords to remember, many people resort to using simple letter or number sequences - such as "123456," "qwerty" (the first six letters on a keyboard) or "password." That makes passwords easy to remember, but also makes it easy for cybercriminals armed with valid email addresses to crack accounts by guessing.
"Using biometrics is clearly a higher level of security," said Doug Johnson, senior vice president of risk management for the American Bankers Association in Washington, D.C.
At PNC, customers using Touch ID to sign in to their accounts can check balances and perform most other mobile banking transactions, but they must use passwords when transferring money out of their accounts, such as when paying bills.
Columbus, Ohio-based Huntington Bank is planning to roll out Touch ID log-ins using thumbprints by this fall, according to payments and channels director Mark Sheehan. Customers will have full access to Huntington's mobile banking services, including bill pay, he said.
"We had a lot of feedback from customers that this is something they would like to see," he said.
The bank also is experimenting with voice recognition technology that could be used to verify customers when they call customer service. The company currently is conducting a test pilot with employees.
For now, the use of fingerprint IDs and the like aren't for everyone. Some consumers are reluctant to embrace the technology because of concerns that thieves will devise ways to steal and use biometric data, too.
The American Bankers Association's Johnson pointed out that no actual fingerprints or eye patterns are being stored. Instead, a digital code is created using a series of 1s and zeros used to match each unique finger or retina pattern.
"The ones and zeros don't access the account. It's pressing the finger to the phone," he said.
In addition, experts noted that extra safeguards are in place behind the scenes for added security.
For example, some banks employ geolocation tracking. If an account holder's phone is out of its normal range, a password is needed to access the account.
Eye scan systems often require the person to blink to prevent thieves from using a photograph for authentication, while voice recognition systems may use certain prompts to ensure a live person is on the line instead of a recording.
As biometric verification becomes more common, some people are pushing for federal standards to clarify the rights that citizens have in protecting the use of that data.
The premise is that passwords and Social Security numbers can be changed if they're stolen, while fingerprints, retinas and other biometric markers can't. In the forefront of that movement are a handful of lawsuits filed recently by consumers challenging facial recognition software used by Facebook and others for online photo tagging.
In Johnson's view, biometrics will continue to gain momentum. And the day will come when passwords will be as passé as old rotary telephones.
He said biometric data, along with dynamic authentication using numbers that change with each transaction represent the future.
"Static numbers are what get us into trouble," he said.