UPDATED 23:28 EDT / DECEMBER 29 2015


LastPass’ Joe Siegrist: Fingerprint authentication is flawed, industry needs to rethink practices in 2016

Concurrent with the rise of smartphone payment systems in 2015 has been the rise of fingerprint scanning as a method of user authentication. But what if the use of fingerprints is not the future of security?

In the latest of SiliconANGLE’s 2016 prediction series, Chief Executive Officer Joe Siegrist of password management firm LastPass (LogMeIn, Inc.) says he believes that the concept of fingerprint authentication is fundamentally flawed and that the security industry will have to rethink other established practices around access management in the year ahead.

Siegrist’s predictions are as follows:

Rethinking established practices around security, identity and access management

Siegrist notes that while security and data privacy have always topped the list of priorities for IT professionals and technology vendors, what changed in 2015 and will likely escalate in the coming year is an increasingly heightened awareness of security and data privacy issues among consumers and business leaders.

“Consumers and businesses are now fearful [risks around security and data] is the new normal,” he said. “The tech industry needs to win back the trust of its consumers by rethinking some of its most established practices around security, identity and access management to reimagine how it protects customers. To stay ahead, businesses must invest in tools that align with the realities and working styles of the modern worker and work environment.”

Fingerprint authentication is NOT the future of security

While a growing number of smartphones are adding fingerprint-reading hardware to offer more convenient security, Siegrist argued that all is not well.

“Although fingerprint authentication may appear convenient, the concept is fundamentally flawed,” he said. “Every time you use your fingerprint, its full contents are disclosed to the reader. It has to convert your fingerprint into a digital representation, which can be processed by the service. This means you’re disclosing your ‘secret’ authentication credential every time you use it. You can change a password or a PIN; you can’t change your fingerprint.”

A new target for cybercriminals: Wearable devices

ABI Research predicts an estimated 780 million wearable devices will be in use by 2019, around one wearable for every 10 people on earth. While wearables present a great way to motivate people to interact more with the world around them, Siegrist believes they also pose a growing security risk.

“Wearables, especially in densely populated areas, will become a target-rich environment for attacks because they collect personal data and are relatively insecure entry points into smartphones,” he said.

Shifts toward an offensive cybersecurity stance for government entities and corporations

After a record number of high-profile hacks in 2015, Siegrist predicts that 2016 will be a significant year as governments and enterprises both begin to see the benefit of cybersecurity foresight. Likewise, as users become more aware of online threats, attackers will react by developing sophisticated, personalized schemes to target individuals and corporations.

“We can expect to see legislation expanding to create a global cyber defense model to allow for more prosecutions and convictions,” he said. “We can also expect to see regulation of device production and usage and the increasing addition of cybersecurity officers within enterprises.”

Attacks on cloud and virtualized infrastructure

“The Venom vulnerability that happened earlier this year hinted toward the potential for malware to escape from a hypervisor and access the host operating system in a virtualized environment,” Siegrist said. “The rate both private and hybrid clouds are growing, and the reliance placed on them by consumers, will make these types of attacks even more prolific for cybercriminals.”

Image credit: Joe Siegrist/LastPass
