Biometric Identification: The Good and The Bad

09/27/2018

From governments and small businesses to individual internet users, we are an online world under siege.

Whether it’s targeted hackings, massive data breaches, or other unforeseen threats, billions of people are waiting and hoping for a quick, easy fix, one that takes the advantage back from black hat hackers and cybercriminals.

In some corners, biometric identification has become the next best thing in cybersecurity, but in other corners, not so much.

Biometric Basics

Biometric identification is a process of verification that uses a unique biological trait to determine whether or not someone is who they say they are. Features used in biometric identification can include fingerprints, iris scans, retina scans, hand geometry, ear geometry, voice recognition, facial recognition, and even heartbeat data.

Use of these identifiers takes the place of other common identifiers such as logins, passwords, PIN codes, birth dates, addresses, or other personal information. One example of increasingly common biometric identification is fingerprint scanning to unlock certain smartphones instead of a four-digit code.

Where Biometric Identification Succeeds

Take the above example of biometric smartphone identification. For the average person just trying to go about their day without having their phone and all the data within compromised, biometric identification is an excellent solution. So long as you’re not, say, a cheating husband with a phone that unlocks with a fingerprint who falls asleep next to his suspicious wife on a plane.

When this technology reaches ATMs and other day-to-day technology, it will still be an excellent solution for the average person. It’s more secure than passwords and other login information; it’s more convenient because there is nothing to be remembered or kept. Biological traits are stable and will not change even over the long-term.

It’s unlikely that even the most ingenious hackers will find a way to brute-force biometric identification the way they can with passwords. For end-user technology, biometric identification seems to be the way to go, at least when it comes to random hacking attempts.

Where It Falters

Amusing as the cheating husband’s story may be, it does serve as an illustration of how biometric identification is far from foolproof. Had the husband’s phone been secured with a password, his wife would likely not have been able to open it.

While this technology will stymie hackers looking to get into random smartphones and other internet-connected devices, hackers targeting people they know may not be easy to stop. With access, there is an opportunity, invasive as it may be.

Where It Fails

First, as much as it would be nice to believe the opposite, biometrics are not hack-proof. There have already been instances of hackers beating biometric authentication measures. Most notably, a German hacker who used high-resolution photos of the German Minister of Defense’s finger in order to outsmart fingerprint authentication technology. Hackers also used pictures from Facebook to beat facial recognition technology.

When security measures get smarter, hackers don’t tend to give up. They get smarter, too, and these advanced strategies can target high-profile employees of high-profile organizations.

Second, if a person has their biometric information compromised, it can’t be changed, as a password can. These traits are permanently part of a person, for better or – in this case – for worse.

Third, and most frighteningly, there is a stark difference between a security measure where biometric information is stored solely on a user’s device and a security measure where a central database stores biometric data. Over five million fingerprints have already been stolen from a US government database. As more organizations get into the biometric identification security game, there will be an ever-increasing number of these databases at risk of being breached.

As mentioned above, once a hacker steals biometric information, it cannot be changed. In a future where biometric information will verify bank accounts and home security systems and any number of things in our smart world, this could lead to a very insecure future.

Where It Isn’t Even Relevant

Perhaps this is an obvious point, but password insecurity isn’t the only cybersecurity risk, nor is it arguably the biggest one. Cyberattacks like spear-phishing and malware will still wreak havoc, and hackers will still have boundless other opportunities to cause utter devastation for organizations everywhere.

Biometrics and Beyond

There is reason to be excited about biometric identification, and this method of security will only get stronger as biometric identification combines with behavioral analysis for two-factor authentication. But it isn’t the be-all and end-all of cybersecurity measures, and shouldn’t be hailed as so. The fight against cybercrime is going to take much more than iris scanning.

To learn more about the University of Miami Cybersecurity Bootcamp, CLICK HERE to get in touch with our Advisors.

Categories

Skip to content