In an era of heightened concern about cybersecurity, our convenience-driven, mobile world has opened some unique potential security backdoors into the enterprise. The BYOD era now allows consumer-grade devices to access the enterprise. These consumer devices were not designed or optimized for enterprise WLAN connectivity or enterprise security.
BYOD devices are now being used for email, and even for texting, in healthcare environments. How do you actually authenticate that the person sending the text or email is who they claim to be?
Even in 2016 we still rely on passwords, or at best two-step authentication. Even with a password plus a two-step PIN, if the bad guys get your password and your BYOD device, they have the keys to your kingdom, so to speak.
People by nature tend to make things simpler; we often use the same password or variations of it. The challenge is that managing all of these passwords, and the hardware tokens that go with them, has become a nightmare. In high-security areas where you are supposed to log in and log out of sessions, convenience wins out; folks often do not log out. The same thing happens when a CAC (Common Access Card) is left in the laptop or mobile device. http://www.cac.mil/common-access-card/
Biometrics are quickly becoming the edge for security beyond passwords. However, unlike passwords, which can be changed, your biometrics cannot be changed.
Your fingerprints, face, iris, and other biometrics such as vein patterns should never be stored on a server that can be hacked, in the cloud, or on a BYOD device that can be stolen.
If they are not secured to you, you are actually drastically increasing the cybersecurity threat, not decreasing it.
You can replace passwords and PINs, but not your personal biometrics.
See the article from last year about the OPM hack and the theft of fingerprints.