What are biometrics?
Your face, iris, DNA, and typing style can all be used as a password
Many of the techniques used by hackers include phishing and social engineering, while many of the passwords themsleves are as straightforward as 'football' or '123456'.
On the flip side, the benefits of using a strong password are negated if this password is then reused across all logins for all devices and systems - underming a user's information security in one fell swoop. Any security strategy must take into account how prone we, as human beings, are to undermining our own protections with decisions such as this.
Biometric security can go a long way towards resolving many of the problems caused by passwords. Instead of entering a special code you need to remember, or that you store in a password manager, you can simply use your fingerprint, or your face, to sign-in to an account, or your device. This is arguably the most secure method of authentication - using a piece of your own biology to verify you are who you claim to be. This can extent to an scan of your iris, or even behavioural data.
Biometrics, or biometry, is the statistical analysis of behavioural characteristics in humans. In technology, its mostly used for identification, where it gathers information about a user to verify their identity.
This extra layer of authentication has presented a few morbid examples of its success in recent years, with various police forces failing in attempts to open smartphones with a dead person's finger.
There are also numbers concerns with facial recognition technology, with authorities around the world weighing up its benefits and its impact on our privacy.
Facial recognition is often used in CCTV evidence gathering
Biometric authentication is the process of turning captured human characteristics and behaviour, into a digital format. It is by far the most common form of biometric identification, and the most common authentication method is fingerprint scanning; although this can also include face, iris, voice, DNA, and even the way we move or perform tasks, such as typing.
Leadership compass: Privileged Access Management
Securing privileged accounts in a high-risk environmentDownload now
Unlike traditional measures, biometric authentication requires the person be present while data is captured. This means that it's almost impossible for a hacker to steal a person's credentials, as they are intrinsically tied to an individual.
What's great about biometrics is that not only is it considered the most secure form of authentication, it's also the simplest from an end-user perspective. It frees the user from having to remember ID numbers or complex password strings, and best of all, there's no need to come up with ridiculous password recovery questions and answers - there's no way to lose your DNA, outside of some adventurous scientific experimentation.
Can biometrics be hacked?
Although the idea of biometrics sounds incredible in principle, it hasn’t always been the pillar of success. In fact, early attempts at rolling out biometric authentication managed to generate rather mixed results.
Despite fingerprint scanners being widely available for some time now, innovations such as voice-based authentication for banking have proven less feasible. In 2017 BBC reporter Dan Simmons famously discovered he was able to sign into HSBC's mobile banking system by mimicking his twin brother’s voice.
Facial recognition isn’t without faults either. In April 2017 it was reported that a Samsung Galaxy S8 user was able to log in through the device’s facial scanner using a printed-out selfie – a trick which could be very easily exploited by criminals.
A more recent incident involving Samsung devices occurred last year, when it was discovered that the Galaxy S10's ultrasonic sensor could be easily unlocked using a 3D-printed fingerprint.
Apple's iPhone X onwards boasts the latest in smartphone facial recognition technology
Apple promised to solve such problems with its now-discontinued iPhone X, which was released in late 2017. Using infrared and visible light scans, the device’s Face ID technology was able to almost instantaneously analyse a person's face and hide the onscreen notification messages if the phone was picked up by a stranger. In fact, Apple stated that the chance of a stranger being able to unlock someone else’s phone was 1 in 1,000,000, making it increasingly safer than other methods of biometric authentication.
By contrast, the same likelihood of unlocking a phone using a fingerprint scanner was estimated to be 1 in 50,000.
The PIN is still king
While the underlying principles of biometric authentication would likely prove to be incredibly effective at keeping out hackers, its development has been dictated by the pace of technology. Unfortunately, industry has yet to come up with a highly accurate system that's also cost effective for mass deployment.
For better or worse, passwords and two factor authentication still rules the day.
Four cyber security essentials that your board of directors wants to know
The insights to help you deliver what they needDownload now
Data: A resource much too valuable to leave unprotected
Protect your data to protect your companyDownload now
Improving cyber security for remote working
13 recommendations for security from any locationDownload now
Why CEOS should care about the move to SAP S/4HANA
And how they can accelerate business valueDownload now