Iris scanning may be coming to a smartphone near you as early as next month. Samsung’s Galaxy Note 7 phone–to be released August 2–will very likely include iris recognition technology to unlock your phone. Apple may also roll out new iPhones with iris sensors in 2018, according to DigiTimes–delivering on user demand for biometric security checks over numeric passwords, but raising new practical and privacy concerns.

Iris scanning works by recognizing the flat, colored, ring-shaped membrane of the user’s eye. Like a fingerprint, each person’s iris is unique. While a retinal scan requires close proximity to an eyepiece, iris capture is more like taking a photograph.

“Smartphones have been improving camera quality, so it’s natural and easy to add the iris scan,” said Avivah Litan, an analyst at Gartner Research. “There is a lot of interest in iris scans and other biometrics among both consumers and employers, because the other security methods are being circumvented.”

While Samsung and Apple would certainly be large deployments, they would not be the first to venture into eye-scanning security. Fujitsu launched the Arrows NX F-04G smartphone in Japan in 2015, and Microsoft’s Lumia 950 XL followed later that year. Both phones feature built-in iris scanning user authentication.

Other companies offer similar security for mobile devices via iris recognition software and camera hardware. And Windows 10’s Hello feature lets you log into the OS using your face, iris, or fingerprint.

Following the trail to iris scanning

Neither Samsung nor Apple has confirmed the rumors about their own iris tech, but it seems highly likely that the speculation is true. Samsung applied to trademark the “Galaxy Iris” and “Galaxy Eyeprint” monikers in the US, Europe, and South Korea in May.

Apple sources reported that the company was investigating iris scanning as early as 2014, and KGI security analyst Ming-Chi Kuo predicted in March that Apple’s 2017 iPhone model might incorporate facial recognition technology (though the DigiTimes story released this week said it would be the 2018 model). The company owns a number of patents that include such technology, including a facial recognition system that relies on 3D rendering for increased accuracy.

Apple also acquired facial recognition specialist Emotient and real-time, 3D-rendering firm Faceshift. In January 2015, it was granted a patent for advanced eye-tracking technology that follows a user’s gaze and relays the information to an on-screen graphical user interface.

Most smartphones will not require additional hardware to add this feature; rather, they can likely use existing front-facing cameras and build in an algorithm for the iris scan, said Alan McCabe, biometrics researcher and CEO of the startup My Software Prototype. “It’s a bit surprising that Apple couldn’t bring it out as an update to their standard OS,” McCabe said. “Perhaps they’re waiting for that next generation camera to come out.”

According to the Samsung Galaxy Note 7 patent, the iris recognition system uses three lenses to capture the image signal, and then checks the iris of the user based on the image generated.

Rising popularity of biometric security practices

Apple brought biometric identification to the mass market with the iPhone’s home button fingerprint sensor in 2013, a feature called Touch ID. This high-profile rollout helped drive wider adoption, according to a report from Juniper Research. More than 770 million biometric authentication applications will be downloaded each year by 2019, up from just six million in 2015, the report states–which will dramatically reduce dependence on alphanumeric passwords for smartphones.

By 2019, biometrics are expected to be a $25 billion industry, with more than 500 million biometric scanners in use around the world, according to Marc Goodman, an advisor to Interpol and the FBI. Eighty percent of consumers who expressed a preference said they think biometric authentication is more secure than traditional passwords, a OnePoll/Gigya survey found.

“Biometrics are growing in popularity because we cannot trust people based on their credentials, namely their ID cards and passwords,” said Anil K. Jain, a Michigan State University professor who researches biometrics. “Because of the lack of solid proof of identity, there is a growing need and requirement for using biometrics for homeland security, international travel, and financial transactions.”

Millions of customers at Bank of America, JPMorgan Chase, and Wells Fargo banks now use fingerprints to log into their accounts via their phone. Wells Fargo also lets some customers scan their eyes with their phone camera to log into corporate accounts.

Iris recognition in particular is gaining popularity, as it is more accurate than fingerprinting, Jain said. However, existing tech that uses iris scans for authentication typically encounters problems with people wearing contacts or glasses, with changing lighting conditions, and with positioning the camera correctly. But these issues would likely be worked out over time, Litan says.

Avoiding system breaches

Biometric systems are not foolproof: Hackers can create a biometric spoof, or an artificial object (like a fingerprint mold made of silicone) that can fool a system into granting access. Vendors can use different techniques to check for liveness, such as asking a person to blink, measuring blood flow in the eye, or using voice authentication to read the date and time. Still, it will be difficult to prove how accurate these measures are until the tech rolls out on a mass scale, Litan said.

And while these systems make it more difficult to impersonate someone, they need to have strong enrollment processes, lest a criminal register their own iris or fingerprint under someone else’s name. This was a major problem with Apple Pay–while the security systems were strong, criminals could enroll as another person.

Litan predicts a rocky rollout of iris scanning smartphones, but said she believes the technology will improve greatly in the next few years. It could have implications in the future once we see more rollouts of the Internet of Things, she added–for example, you might soon be able to open doors by looking at a camera that scans your iris.

“Iris scans are coming, and you can start relying on them for authentication,” Litan says. “Tech leaders should start evaluating what it could do for your organization–keep an eye on it, so to speak.”

The 3 big takeaways for TechRepublic readers

1. Samsung and Apple are rumored to release smartphones in August and in 2018, respectively, that use iris scanners for user authentication.

2. Use of biometrics such as fingerprints and iris scans for privacy is expected to increase exponentially by 2019, with traditional passwords disappearing.

3. While biometric security systems are much safer than traditional passwords, they are not foolproof. Companies need to have strong enrollment processes to ensure user safety.