Biometric authentication is quick and convenient. Touch your phone, and it will unlock. Look through an iris scanner and enter a safe room. Speak into your phone to authenticate hands-free. Governments, law enforcement, airports, and businesses all use it.
But is biometric authentication that easy? When you consider the political issues, privacy concerns, and the complexities of biometric data protection, not really.
A survey reports that 62 percent of companies already use biometric authentication, and 24 percent plan to use it within two years.
Why? It provides a reasonable level of confidence that those who seek access to the network are who they claim to be, with little to no friction for the user.
Biometric identifiers can be exposed to fraud, attacks, and misuse at rest and during data collection, processing, storage, and access. There are also more apparent usability issues. You can reassign a password, but you cannot regenerate someone’s fingerprint.
The Excellent Part About Biometrics For Security
There’s a reason biometrics is becoming increasingly popular in identity management: it’s harder to forge. Authentication has evolved. It all started with a username and password. But it is easy to trick people into divulging the information they know.
So authentication techniques have shifted to what you have: a cell phone in hand or a card key. This, combined with what you know, makes it safer to use.
But even that cannot be secure enough. Cybercriminals could still obtain or forge users’ devices. What you are, demonstrated through biometrics, is the next level of authentication. It is much more challenging to forge someone’s voice, fingerprint, iris, etc.
In addition, biometric authentication is often easier for the user. Placing a finger over a keyboard or looking into an eye scanner is not tricky.
Some systems, such as facial recognition, can authenticate the user without the user consciously making a gesture. Walk into a room or sit down in front of your computer, and you will be authenticated, for example, via facial recognition.
The best part is that users won’t forget their fingers or eyes like they do with passwords or physical keys. With biometrics, you won’t pile up password reset tickets at your help desk.
Pro and con
There are no absolutes in information security. Anything can be compromised given enough focus, effort, and time. Despite the risks, biometric authentication holds great promise. Here are some pros and cons of the methods used today and in the future:
- Fingerprints: 57 percent of companies use fingerprints. However, cast or 3D-printed replicas can fool the system. False-negative and false-positive results are not uncommon.
- Face Recognition: 14 percent of the companies surveyed use face recognition, but pictures and doll heads can fool the scanners.
- Voice Recognition: This method is popular but can fail if the voice changes due to illness or fatigue, if there is ambient noise, or if fake voice recordings are used.
- Behavior-Based And Contextual Methods: behavioral identifiers analyze how users interact with devices (keystroke patterns, finger presses). Context-related identifiers analyze where and when devices are used (time of day, machine used). There are many privacy and disclosure issues with these almost invisible methods.
The Ugly Side Of Biometrics
If you follow developments in biometrics, you are likely aware of the ethical concerns surrounding many forms of biometrics. One of them is bias.
Facial recognition systems may not recognize people of color, or people of a sex other than the one the system was mostly trained on, as accurately. And biometric learning systems have too often been trained primarily on photos of white people or white men, creating a clear bias that has led to difficulties in recognizing people in the broader population.
In addition, there are concerns about how biometric data might be used. Who has access to images that are used for face recognition, fingerprints, or voice samples? Is it acceptable for companies to sell or give their biometric information to others, such as law enforcement, immigration authorities, or repressive foreign governments?
Another ugly side of biometric data for companies is the question of storage. Wherever biometric data is stored, it must be kept safe.
If it is breached, there is no going back: a person cannot change their fingerprint or iris. This means that losing your biometric data is a permanent risk for the rest of your life.
Companies that choose to store employee or customer biometric data assume a tremendous financial and ethical responsibility.
This is one reason to consider on-device storage: the biometric data is stored on the device that authenticates the user, such as the user’s smartphone or computer.
This gives the user control over the data and limits the location to a local device, reducing the chance that a cybercriminal could gain access to large amounts of biometric data in a single breach.
There are many sides to the biometrics debate. Still, one thing is sure: despite the bad and ugly sides of biometrics, the good outweighs the bad, so it is expected that companies will continue to use biometric authentication methods.
A Combination Of Biometrics And Tokenization
Security in the digital world remains vulnerable. Password protection does not offer a high level of security these days, and we must look for new data protection methods that reduce the risks.
While no mechanism guarantees a 100% reduction in the risk of cybercrime, it has been shown that combining multiple computer security mechanisms can increase the chances of defending against such attacks.
For example, a combination of biometrics and tokenization is one of the solutions that continues to gain popularity in the computer security market. Such solutions allow companies to offer their customers more security and confidence in handling their daily transactions.