What are biometrics?
Face, iris, DNA, typing style... it can all be used as a password
An alarming amount of data breaches and security leaks are due to weak passwords. Some can be so poorly conceived they are begging to be hacked. We're talking about 'Password1' and the many terrible variations that people use, or a fairly strong password that is then used for every single device and service meaning one hack can get into everything. Modern security needs to take into account the fecklessness of man.
This is where biometric security can help - why type anything in when your face can be used to unlock a phone. What's more secure than tying a user to their device or a service with their own biology; the shape of their face, their fingerprints, even behavioural data.
Biometrics, or biometry, is the statistical analysis of behavioural characteristics in humans. In technology, its mostly used for identification, where it gathers information about a user to verify their identity.
This extra layer of authentication has presented a few morbid examples of its success in recent years, with various police forces failing in attempts to open smartphones with a dead person's finger.
There are also numbers concerns with facial recognition technology, with authorities around the world weighing up its benefits and its impact on our privacy.
Facial recognition is often used in CCTV evidence gathering
Biometric authentication is the process of turning captured human characteristics and behaviour, into a digital format. It is by far the most common form of biometric identification, and the most common authentication method is fingerprint scanning; although this can also include face, iris, voice, DNA, and even the way we move or perform tasks, such as typing.
Unlike traditional measures, biometric authentication requires the person be present while data is captured. This means that it's almost impossible for a hacker to steal a person's credentials, as they are intrinsically tied to an individual.
What's great about biometrics is that not only is it considered the most secure form of authentication, it's also the simplest from an end-user perspective. It frees the user from having to remember ID numbers or complex password strings, and best of all, there's no need to come up with ridiculous password recovery questions and answers - there's no way to lose your DNA, outside of some adventurous scientific experimentation.
Can biometrics be hacked?
Early attempts at biometric authentication have produced mixed results. While consumers have been able to unlock their smartphones with their fingerprints for a number of years now, the rollout of voice-based biometrics for banking has proved less successful. For example, HSBC implemented voice recognition across its mobile banking system, only for it to be bypassed in May when BBC reporter Dan Simmons asked his twin brother to mimic his voice.
Facial recognition has also proven to be less than perfect in Samsung's smartphones. In April, the facial scanner of the Galaxy S8 was fooled when a user printed out a selfie and showed it to the camera, and in May it's iris scanner was tricked into thinking a 3D printed eye belonged to its registered user.
Apple's iPhone X boasts the latest in smartphone facial recognition technology
Apple's iPhone X promises to solve these problems and refine facial recognition enough to be useful. Its Face ID technology uses infrared and visible light scans to almost instantaneously analyse a person's face, and claims some impressive features, such as hiding notification messages if the phone scans a stranger's face, or keeping your biometric data updated as you get older.
Apple also claims that the odds someone will be able to use their fingerprint to unlock your phone is 1 in 50,000, while Face ID will stretch that to 1 in 1,000,000. Suffice to say, if it works, it will be almost impossible for someone to randomly unlock your phone.
The PIN is still king
While the underlying principles of biometric authentication would likely prove to be incredibly effective at keeping out hackers, its development has been dictated by the pace of technology. Unfortunately, industry has yet to come up with a highly accurate system that's also cost effective for mass deployment.
For better or worse, passwords and two factor authentication still rules the day.
Five lessons learned from the pivot to a distributed workforce
Delivering continuity and scale with a remote work strategyDownload now
Connected experiences in a digital transformation
Enable businesses to meet the demands of the futureDownload now
Simplify to secure
Reduce complexity by integrating your security ecosystemDownload now
Enhance the safety and security of your people, assets and operations
Enable a true vision of security with an engineered solution based on hyperconverged and storage platformsDownload now