Biometric Identification: The Good and The Bad


From governments and small businesses to individual internet users, we are an online world under siege.

Whether it’s targeted hackings, massive data breaches, or other unforeseen threats, billions of people are waiting and hoping for a quick, easy fix, one that takes the advantage back from black hat hackers and cybercriminals.

In some corners, biometric identification has become the next best thing in cybersecurity, but in other corners, not so much.

What is Biometric Identification?

Biometric identification is a process of verification that uses a unique biological trait to determine whether or not someone is who they say they are. Features used in biometric identification can include fingerprints, iris scans, retina scans, hand geometry, ear geometry, voice recognition, facial recognition, and even heartbeat data.

Use of these identifiers takes the place of other common identifiers such as logins, passwords, PIN codes, birth dates, addresses, or other personal information. An increasingly common form of biometric identification is fingerprint scanning to unlock certain smartphones instead of a four-digit code.

Where Biometric Identification Succeeds

  • More secure than usual passwords
  • Convenient
  • Hackers can’t use brute-force hacking methods

Take the above example of biometric smartphone identification. For the average person just trying to go about their day without having their phone and all the data within compromised, biometric identification is an excellent solution. So long as you’re not, for example, a cheating husband with a phone that unlocks with a fingerprint who falls asleep next to his suspicious wife on a plane.

When this technology reaches ATMs and other day-to-day technology, it will still be an excellent solution for the average person. It’s more secure than passwords and other login information; it’s more convenient because there is nothing to be remembered or kept. Biological traits are stable and will not change even over the long term.

It’s unlikely that even the most ingenious hackers will find a way to brute-force biometric identification the way they can with passwords. For end-user technology, biometric identification seems to be the way to go, at least when it comes to random hacking attempts.

Where It Falters

  • Doesn’t stop invasive hacking
  • Can be used against you in moments of vulnerability

Amusing as the cheating husband’s story may be, it illustrates how biometric identification is far from foolproof. Had the husband’s phone been secured with a password, his wife would likely not have been able to open it.

While this technology will stymie hackers looking to get into random smartphones and other internet-connected devices, hackers targeting people they know may not be easy to stop. With access comes opportunity, invasive as it may be.

Where It Fails

  • Not hack-proof
  • If compromised, it can’t be changed like a password
  • Susceptible to data breaches

First, as much as it would be nice to believe the opposite, biometrics are not hack-proof. There have already been instances of hackers beating biometric authentication measures. Most notably, a German hacker used high-resolution photos of the German Minister of Defense’s finger to outsmart fingerprint authentication technology. Hackers have also used pictures from Facebook to beat facial recognition technology.

When security measures get smarter, hackers don’t tend to give up. They get smarter, too, and these advanced strategies can target high-profile employees of high-profile organizations.

Second, if a person has their biometric information compromised, it can’t be changed, as a password can. These traits are permanently part of a person, for better or – in this case – for worse.

Third, and most frighteningly, there is a stark difference between a security measure where biometric information is stored solely on a user’s device and a security measure where a central database stores biometric data. Over five million fingerprints have already been stolen from a US government database. As more organizations get into the biometric identification security game, there will be an ever-increasing number of these databases at risk of being breached.

As mentioned above, once a hacker steals biometric information, it cannot be changed. In a future where biometric information will verify bank accounts, home security systems, and any number of things in our smart world, this could lead to a very insecure future.

Where It Isn’t Even Relevant

Perhaps this is an obvious point, but password insecurity isn’t the only cybersecurity risk, nor is it arguably the biggest one. Cyberattacks like spear-phishing and malware will still wreak havoc, and hackers will still have boundless other opportunities to cause utter devastation for organizations everywhere.

Biometrics and Beyond

There is reason to be excited about biometric identification, and this security method will only get stronger as biometric identification combines with behavioral analysis for two-factor authentication. But it isn’t the be-all and end-all of cybersecurity measures, and shouldn’t be hailed as such. The fight against cybercrime is going to take much more than iris scanning.

The University of Miami Cybersecurity Bootcamp can help you jumpstart your cybersecurity knowledge and provide the hands-on, expert-led training you need to enter the field in less than one year. To get started, fill out the form below to schedule a call with our advisors and learn more about our training program.
