What are biometrics?

Face, iris, DNA, typing style... it can all be used as a password

An alarming amount of data breaches and security leaks are due to weak passwords. Some can be so poorly conceived they are begging to be hacked. We're talking about 'Password1' and the many terrible variations that people use, or a fairly strong password that is then used for every single device and service meaning one hack can get into everything. Modern security needs to take into account the fecklessness of man.

This is where biometric security can help - why type anything in when your face can be used to unlock a phone. What's more secure than tying a user to their device or a service with their own biology; the shape of their face, their fingerprints, even behavioural data.

Biometrics, or biometry, is the statistical analysis of behavioural characteristics in humans. In technology, its mostly used for identification, where it gathers information about a user to verify their identity. 

This extra layer of authentication has presented a few morbid examples of its success in recent years, with various police forces failing in attempts to open smartphones with a dead person's finger.

There are also numbers concerns with facial recognition technology, with authorities around the world weighing up its benefits and its impact on our privacy.

Biometric authentication

Facial recognition is often used in CCTV evidence gathering

Biometric authentication is the process of turning captured human characteristics and behaviour, into a digital format. It is by far the most common form of biometric identification, and the most common authentication method is fingerprint scanning; although this can also include face, iris, voice, DNA, and even the way we move or perform tasks, such as typing.

Unlike traditional measures, biometric authentication requires the person be present while data is captured. This means that it's almost impossible for a hacker to steal a person's credentials, as they are intrinsically tied to an individual.

What's great about biometrics is that not only is it considered the most secure form of authentication, it's also the simplest from an end-user perspective. It frees the user from having to remember ID numbers or complex password strings, and best of all, there's no need to come up with ridiculous password recovery questions and answers - there's no way to lose your DNA, outside of some adventurous scientific experimentation.

Can biometrics be hacked?

Early attempts at biometric authentication have produced mixed results. While consumers have been able to unlock their smartphones with their fingerprints for a number of years now, the rollout of voice-based biometrics for banking has proved less successful. For example, HSBC implemented voice recognition across its mobile banking system, only for it to be bypassed in May when BBC reporter Dan Simmons asked his twin brother to mimic his voice.

Facial recognition has also proven to be less than perfect in Samsung's smartphones. In April, the facial scanner of the Galaxy S8 was fooled when a user printed out a selfie and showed it to the camera, and in May it's iris scanner was tricked into thinking a 3D printed eye belonged to its registered user.

Apple's iPhone X boasts the latest in smartphone facial recognition technology

Apple's iPhone X promises to solve these problems and refine facial recognition enough to be useful. Its Face ID technology uses infrared and visible light scans to almost instantaneously analyse a person's face, and claims some impressive features, such as hiding notification messages if the phone scans a stranger's face, or keeping your biometric data updated as you get older.

Apple also claims that the odds someone will be able to use their fingerprint to unlock your phone is 1 in 50,000, while Face ID will stretch that to 1 in 1,000,000. Suffice to say, if it works, it will be almost impossible for someone to randomly unlock your phone.

The PIN is still king

While the underlying principles of biometric authentication would likely prove to be incredibly effective at keeping out hackers, its development has been dictated by the pace of technology. Unfortunately, industry has yet to come up with a highly accurate system that's also cost effective for mass deployment.

For better or worse, passwords and two factor authentication still rules the day.

Featured Resources

Five lessons learned from the pivot to a distributed workforce

Delivering continuity and scale with a remote work strategy

Download now

Connected experiences in a digital transformation

Enable businesses to meet the demands of the future

Download now

Simplify to secure

Reduce complexity by integrating your security ecosystem

Download now

Enhance the safety and security of your people, assets and operations

Enable a true vision of security with an engineered solution based on hyperconverged and storage platforms

Download now


'Largest ever' Magecart hack compromises 2,000 online stores

'Largest ever' Magecart hack compromises 2,000 online stores

15 Sep 2020
Infocyte integrates with Palo Alto Networks Cortex XSOAR
cyber security

Infocyte integrates with Palo Alto Networks Cortex XSOAR

19 Aug 2020
Andrew Daniels joins Druva as CIO and CISO

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020

Most Popular

Accenture ploughs $3 billion into cloud migration support group
digital transformation

Accenture ploughs $3 billion into cloud migration support group

17 Sep 2020
16 ways to speed up your laptop

16 ways to speed up your laptop

16 Sep 2020
Google Pixel 4a review: A picture-perfect package
Google Android

Google Pixel 4a review: A picture-perfect package

18 Sep 2020