What is Biometrics Security – Is it Secure?
By Nick Anderson 6 minutes
The use of biometrics is common in the modern world. It is used everywhere, even on gadgets that we own for authentication. For the most part, biometric verification technology has changed our lives for the better. There are, however, a few concerns around the use of biometrics.
What are Biometrics?
Biometrics refers to natural physical attributes that you carry everywhere. It encompasses all such features that help you distinguish among the billions of people in the world.
Today, biometrics are used to grant and control access to a person. Machines capable of reading biometrics are used for identification, through which a person can gain access to rightful privileges that would otherwise be inaccessible. For example, a bank will use your fingerprint to verify identity to keep records, as well as provide services later by verifying ownership of the account.
Biometrics security is widespread thanks to the fact that biometrics cannot be ‘forgotten’ or ‘guessed’ when compared to traditional methods of authentication, such as a password or PIN. It is always with you, hence not like a special key that you have to carry around.
Here are some types of biometrics:
The natural lines on our skin are unique to every individual on the planet. No two fingerprints are alike; hence why fingerprints have long been used for biometric verification.
As technologies have improved and computer algorithms have gotten better at accuracy, facial recognition has vastly improved. Smartphones sold today have facial recognition that grants access to the device to the rightful owner. More sophisticated facial recognition employs 3D scanning that can map depth, allowing for a much higher level of accuracy.
The human eye has a biometric that is one of the strongest that you inherently possess. The area around the pupil has a pattern that machines can photograph and store for verification. Iris scanners are usually installed near gates to provide access to authorized personnel. Like in facial recognition, iris scanning is not beholden to proper lightning; it can be used in the dark thanks to the infrared camera.
DNA is not as common but has been used as a biometric for years. It is most common in law enforcement agencies to track down criminals. Since DNA can be obtained from things such as hair, crime scenes are inspected for such evidence to uncover the guilty.
But that’s not all. Researchers are finding new types of biometrics that can at least be used with other types of biometrics to provide more accuracy if not used solely. For example, researchers are able to use a person’s behavior as biometric – it is called gait recognition.
Biometric Security for Security
Biometrics have played a huge role in automating security. Wherever possible, biometric scanners have been installed to restrict access to unauthorized users. Facilities such as server farms such as that of Google and Facebook are one of the examples where biometrics provide access only to authorized people. Even if you have access to one part of the facility, you may not have access to another; this where the difference between authentication and authorization becomes clear.
Technology has reached the point where it’s possible to shrink biometric scanners to fit inside smartphones. Apple’s iPhone was the first to introduce fingerprint recognition. Today, facial recognition – including 3D facial recognition – is commonplace in modern smartphones. We even had Iris scanners for a while.
In the context of phones, biometrics prevent unauthorized access to people other than the rightful user of the device. Biometric data is encrypted and saved on the device. Scanners read biometrics then match it against the data stored in the device for that user. If there’s a match, the phone unlocks.
Is Biometrics Security Safe to Use?
Devices that store biometrics do so in an encrypted form. Encryption scrambles data to make it unreadable. A key is stored against your biometric and used to unlock the phone every time you use the registered biometric.
Apple’s iPhone includes a co-processor that exists outside of the iOS operating system. The benefit of this approach is that modifications to the OS cannot be made to extract biometric data. The “Secure Enclave” co-processor always checks for an Apple-signed firmware during bootup, and it also maintains the password timeout counter after the device restarts.
But on-device security can often fail against the fundamental flaws attached to some form of biometrics. Biometrics are highly confidential properties that always carry the risk of falling into the wrong hands. Fingerprints left on glass can be obtained or forged using high-resolution cameras to unlock phones, as seen previously.
The iPhone also introduced 3D depth-sensing facial recognition that projects 30,000 dots to map a person’s face. It is much harder to fool such tech as creating a 3D model of a face is not within every hacker’s ability. Moreover, the phone only unlocks when the person has eyes open, so it cannot be misused if you are unattentive.
But facial recognition is not foolproof. Apple explained that Face ID can be tricked in the case of a person’s twin. Similarly, early facial recognition feature in smartphones relied on RGB images, which is unsecure and can be tricked if someone else has similar facial features.
A password or PIN is always more secure in comparison as it can always be changed at any time to anything random. Whether it’s password or biometric data, it can be stolen in the event a service is breached. But you can always change a password.
Biometrics Security and Privacy
We are living in an age of surveillance. Authoritarian governments want to control, even if that means invading privacy. That means tracking and recording calls, internet activities, and even movement.
China has one of the biggest surveillance on the planet. It includes thousands of cameras that can be used to identify or track people in a large crowd. Computer algorithms have only gotten stronger and more accurate in the past few years, and it’s aiding in the deployment of such surveillance that can identify people based on the way they walk. It’s not science fiction – it’s happening now.
It is called passive biometric identification because it does not involve the consent of a person.
Should You Use Biometrics?
Passive biometric identification is more of a problem now than biometrics data stored with your consent. With the proliferation of IoT devices, surveillance and data collection have only increased. Whether you are on the internet or walking down the street, the government is breaching certain boundaries of privacy.
Biometric authentication is safe and can provide faster access. In certain situations, it will be mandatory to enroll biometrics to provide you with an identity. However, hiding internet activity is something within your control. And VPN provides the encryption to prevent any third-party from tracking as you navigate through webpages.