What are biometrics?
Your face, iris, DNA and typing style can all be used as a password
Who isn’t guilty of having used a simple password like ‘football' or '123456'? In a world that demands authentication for each and every service, how can users be expected to memorise all the different combinations of keys?
However, what might seem like an easy way out is actually a security nightmare from an IT professional’s point of view. Weak passwords are the cause of a significant number of preventable data breaches, with many so ill-thought that it is unsurprising to see them cracked.
On the other side of the spectrum, there are also users who set a really good, strong password – and then proceed to reuse it for all their logins across multiple devices and systems, undermining its power in one fell swoop.
These unfortunate, yet familiar, scenarios show that we, as human beings, are prone to undermining our security strategies – regardless of how foolproof they seem.
However, while our memory can be futile, humankind has also been equipped with unique physical characteristics which might just be the answer to our IT security crisis.
Fingerprints and facial features already offer the benefits of not having to be memorised nor stored in a password manager app, resolving many of the problems caused by passwords. These are the most common examples of biometrics – the statistical analysis of human characteristics which, in tech, is most often used for identification purposes. Considered to be the most secure method of authentication, biometrics use a unique piece of your own biology, such as iris shape or papillary lines, in order to verify whether you are who you claim to be.
Nevertheless, despite its wide-ranging popularity in recent years, there are also a number of ethical concerns surrounding biometrics, from the impact of facial recognition technology on our privacy to a few morbid examples of unlocking devices with a dead person's finger.
Facial recognition is often used in CCTV evidence gathering
Biometric authentication is the process of turning captured human characteristics and behaviour, into a digital format. It is by far the most common form of biometric identification, and the most common authentication method is fingerprint scanning; although this can also include face, iris, voice, DNA, and even the way we move or perform tasks, such as typing.
Leadership compass: Privileged Access Management
Securing privileged accounts in a high-risk environmentDownload now
Unlike traditional measures, biometric authentication requires the person to be present while data is captured. This means that it's almost impossible for a hacker to steal a person's credentials, as they are intrinsically tied to an individual.
What's great about biometrics is that not only is it considered the most secure form of authentication, it's also the simplest from an end-user perspective. It frees the user from having to remember ID numbers or complex password strings, and best of all, there's no need to come up with ridiculous password recovery questions and answers - there's no way to lose your DNA, outside of some adventurous scientific experimentation.
Can biometrics be hacked?
Although the idea of biometrics sounds incredible in principle, it hasn’t always been the pillar of success. In fact, early attempts at rolling out biometric authentication managed to generate rather mixed results.
Despite fingerprint scanners being widely available for some time now, innovations such as voice-based authentication for banking have proven less feasible. In 2017, BBC reporter Dan Simmons famously discovered he was able to sign into HSBC's mobile banking system by mimicking his twin brother’s voice.
Facial recognition isn’t without faults either. In April 2017, it was reported that a Samsung Galaxy S8 user was able to log in through the device’s facial scanner using a printed-out selfie – a trick which could be very easily exploited by criminals.
A more recent incident involving Samsung devices occurred last year when it was discovered that the Galaxy S10's ultrasonic sensor could be easily unlocked using a 3D-printed fingerprint.
Apple's iPhone X onwards boasts the latest in smartphone facial recognition technology
Apple promised to solve such problems with its now-discontinued iPhone X, which was released in late 2017. Using infrared and visible light scans, the device’s Face ID technology was able to almost instantaneously analyse a person's face and hide the onscreen notification messages if the phone was picked up by a stranger. In fact, Apple stated that the chance of a stranger being able to unlock someone else’s phone was 1 in 1,000,000, making it increasingly safer than other methods of biometric authentication.
By contrast, the same likelihood of unlocking a phone using a fingerprint scanner was estimated to be 1 in 50,000.
The PIN is still king
While biometrics seems to be slowly taking over industries such as banking, with NatWest expected to roll out behavioural biometrics technology this year, it might still be outdone by the good old PIN.
This is largely due to the fact that, although the underlying principles of biometric authentication are incredibly effective, its development has been dictated by the pace of technology. Unfortunately, the tech industry has yet to come up with a highly-accurate system that's also cost-effective for mass deployment.
For better or worse, passwords and two-factor authentication still rules the day – at least for now.