Are Biometrics Good or Bad for Digital Security?
Good arguments can be made for use of biometrics in security, but the technology does have is flaws.
Companies concerned about digital security, whether it’s keeping their own information safe from competitors and cybercriminals or keeping their customers better protected against independent threats, are beginning to consider biometric authentication. Biometrics, as the technology has come to be known, includes any measure of authentication or identification based on a part of the human body; these include fingerprints, faces, and any other unique body feature.
The thought of opening a door with a retinal scan, or of allowing customers to sign in using the pattern of their ears is futuristic. But is this really the progress we need on the digital security front?
Touch ID and face ID are already working their way into the mainstream, thanks to modern smartphone capabilities that allow them to be used. To be fair, they have some significant benefits over conventional methods of identification and authentication:
- The most obvious benefit is the uniqueness of the signature. Fingerprints are the hallmark example here No two sets of fingerprints are exactly the same, so you can ensure that when you scan a fingerprint successfully, you’re working with the right person. Most biometrics are also ridiculously hard to forge.
- Biometrics are convenient for the people using them. Instead of memorizing an exhaustive list of passwords or carrying around specific paperwork to prove your identity, you simply provide a smile, an eye, an ear, or a fingerprint, which you have with you at all times. Setting up biometric technology is also relatively easy.
- Accuracy. Though biometric scanners aren’t 100% accurate, we are on the verge of technology that’s virtually foolproof. The latest comprehensive study of fingerprint technology found that single-finger tests were correct 98.6 percent of the time, with two-finger tests getting 99.6 percent accuracy, and 99.9 percent accuracy for four-finger (or more) tests.
- Cost. Though the cost of setting up a biometric system may be expensive, the long-term costs of management are much lower than those of conventional systems. Companies can require less paperwork, and avoid practically all password reset costs. Plus, if biometrics prevent any additional fraud or abuse over a conventional system, it could save the company using it millions of dollars.
That said, there are weaknesses to relying on biometrics for your digital security:
- Device limitations. Right now, the most convenient and portable device we have with biometric capabilities is the smartphone, but the smartphone has limitations. It has a small fingerprint scanning area, so it only takes a partial fingerprint. Because of that inherent limitation, studies have shown that generally designed “master fingerprints” can be used to fool the system; in fact, just 5 designs are able to get past approximately 65% of devices.
- Modifications. Biometrics rely on the permanence of your features, but what if those features change? What if someone obtains a copy of your features? It may be hard to replicate your iris, or the shape of your ears, but if someone does, it’s virtually impossible to modify what you already have as a measure of security. Considering there’s already been at least one large-scale hack to steal biometric data, this is a major threat.
- Resets. One of the advantages of traditional digital security measures is that they can be enacted remotely; if you find out someone has been using your credit card or one of your online accounts, you can use a password and a personal device to shut it down and/or change your password. But if you want to verify your identity after a thief has stolen your biometric information, you’ll need to do it in person, and by that time, the damage may be done.
- System limitations. Biometrics still rely on databases, and databases are vulnerable. Already, about half of all Americans’ faces have been stored in massive databases by the FBI; but there’s no way to guarantee that these databases are secure. If and when someone finds a way into the system, whether it’s through a brute-force hacking attempt or an employee’s weakly created password, they’ll have access to data that could be used to manipulate millions of accounts.
The role of biometrics in digital security
Biometrics have strengths that conventional digital security measures can’t live up to, but we shouldn’t be considering them a full-fledged revolution. Instead, they’re the latest in a series of tools we should be using together to layer and solidify our collective security. As a general rule, no company should put too much stock in any one solution; it’s unlikely that any security solution we come up with is going to be foolproof, so we’ll need to use multiple solutions together for the best possible protection.