Why biometrics are bad
Not only are these relatively easy to guess — a brute-force hacking program can usually find them in mere seconds. We have a password problem, and compromising on digital security is not an option, especially for businesses, which routinely handle sensitive information belonging to themselves and their customers. Other less common biometric factors include irises, palm veins and prints, retinas and even DNA.
While a password is something that only its owner knows, your biological traits, for the most part, are very much public. You leave your fingerprints everywhere you go, your voice can be recorded and your face is probably stored in hundreds of places, ranging from social media to law enforcement databases.
If those databases are compromised, a hacker could gain access to your biometric data. Any kind of digital data can be hacked and misappropriated. And, contrary to popular belief, it can even be faked. Just a day after the release of the iPhone 5, which featured the TouchID fingerprint scanner, a German hacking group managed to create a fake finger to unlock the devices. Five years later, the same hacking group managed to crack the iris recognition in the Samsung S8 simply by placing a contact lens over a high-definition photo of an eye.
The fact that biometric data can be hacked can have far wider consequences, some of which are extremely worrying from both a security and privacy standpoint. If your password is stolen, then you can usually just reset it and choose a new one.
For example, in a facial recognition system, different facial features are processed and converted into numerical data, which is stored in a database.
Other types of biometric authentication are: Behavioral biometrics verify identity by analyzing the physical and cognitive behavior of a user. They use machine learning algorithms to determine patterns in user behavior and activities. These patterns are then used to detect whether someone is who they say they are. The whole point of biometrics is that they are unique. Modern AI algorithms can be used to generate fingerprints, which can deceive fingerprint scanners.
Moreover, several vulnerabilities have been observed in the data collection, processing, matching, and enrollment processes of even the most sophisticated biometric systems. A unimodal biometric authentication system verifies only one distinct characteristic, e. But as we just saw, such a system is susceptible to spoofing. This is where multimodal biometric authentication can help.
This makes it much harder for a malicious actor to spoof. But if the system requires them to provide additional info, e. Additionally, combining physical and behavioral biometrics can also enhance your security posture. Even if a malicious actor manages to spoof a fingerprint, the system can detect a change in behavior and deny entry.
Biometrics are a much needed improvement over passwords. Passwords are very easy to hack.
How Biometrics Work
At the most basic level, you need two things to verify an individual's identity with a biometric identifier: a way to collect or measure the desired characteristic and a record of that characteristic to compare your measurement to.
However, to automate the biometric authentication process, modern biometric systems typically require three steps:
A physical measurement device that reads or scans the biometric characteristic you're using to authenticate a person
Software that translates a biometric scan into a digital format and compares it to the record of that biometric characteristic
A stored record of that biometric characteristic that the software can compare the new scan to in order to verify a person
Centralized vs. Decentralized Biometric Data Storage and Why It Matters
Biometric data is typically stored either on a central server or the authentication device itself — with the former being a controversial method for doing so.
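The compare-against-a-stored-record step and the multimodal check described earlier can be sketched as follows. This is an added example, not code from the original article; the feature vectors, thresholds and function names are constructed assumptions for illustration.

```python
import math

# Constructed enrollment records: one stored template per modality.
# The feature vectors and thresholds are illustrative assumptions.
ENROLLED = {
    "fingerprint": [0.12, 0.80, 0.35, 0.61],
    "keystroke": [0.21, 0.18, 0.25, 0.30],  # mean inter-key delays (s)
}
THRESHOLDS = {"fingerprint": 0.10, "keystroke": 0.08}

def distance(a, b):
    """Euclidean distance between a fresh scan and a stored template."""
    if len(a) != len(b):
        raise ValueError("template length mismatch")
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def match(modality, sample):
    """A scan never equals the template exactly, so accept within a threshold."""
    return distance(sample, ENROLLED[modality]) <= THRESHOLDS[modality]

def authenticate(samples, required=("fingerprint", "keystroke")):
    """AND-fusion: every required modality must be present and must match.
    A missing modality counts as a failure (fail closed)."""
    results = {m: m in samples and match(m, samples[m]) for m in required}
    return all(results.values()), results

# Constructed samples: a genuine user with sensor noise, and a copied
# fingerprint presented by someone with a different typing rhythm.
GENUINE = {"fingerprint": [0.13, 0.79, 0.36, 0.60],
           "keystroke": [0.22, 0.17, 0.26, 0.29]}
SPOOF = {"fingerprint": [0.12, 0.80, 0.35, 0.61],
         "keystroke": [0.35, 0.30, 0.12, 0.45]}

if __name__ == "__main__":
    print("genuine, multimodal:", authenticate(GENUINE))
    print("spoof, fingerprint only:", authenticate(SPOOF, ("fingerprint",)))
    print("spoof, multimodal:", authenticate(SPOOF))
```

The thresholds control the trade-off between rejecting genuine users and accepting impostors, so a deployed system would tune them on measured data rather than fix them by hand.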
Types of Biometrics
While just about any part of a person's body can be measured, not every biometric characteristic can or should be used to verify an individual's identity. Below are the most common types of biometric characteristics in use today:
Fingerprint Biometrics. The patterns found on a person's fingers are unique to them and are already used to verify smartphone users.
Behavioral Biometrics. Behavioral biometrics use patterns in an individual's behavior, such as keystroke patterns and computer mouse movements or other behavioral characteristics like a user's physical location, to identify them.
Ear Biometrics. A person's ear has a unique shape, and research shows ear recognition could be more accurate than fingerprint recognition.
Voice Biometrics.
Facial Recognition Biometrics. Research shows that an individual's face is unique when measured in sufficient detail and therefore is effective for accurately identifying them. Face recognition algorithms are far from perfect: studies show the technology is less effective in identifying darker-skinned individuals. However, companies are taking steps to improve their accuracy with artificial intelligence (AI).
Hand Geometry Biometrics. Hand geometry is unique from person to person and has been used to identify a person since the s. Although hand geometry is unique, using it to identify an individual does carry some important limitations, according to the Infosec Institute.
Gait Biometrics. Gait analysis measures the way a person walks to identify them. Gait recognition is still a new technology, but researchers have already developed systems for smartphones that could be used to implement it.
Retina Biometrics. Retina biometrics use the unique pattern on a person's retina to identify them. Some of the techniques are:
The debates on the good and the bad of biometrics are not expected to subside. The reality, however, is that doing nothing is not an option.