Biometrics are increasingly replacing traditional security options, such as usernames, passwords, single-use tokens, and dual-factor authentication. Some mobile phones come with iris scanners, residential door locks feature fingerprint reading technology, and MasterCard is working on a mobile pay system that uses heartbeat data. The writing is on the wall — biometrics are the way forward. But are they safe? The answer is a mix. Here’s a look at some of the biggest risks associated with biometrics at the moment.
Certain Physical Elements Change Over Time
Over time, some body parts are especially prone to change. For instance, your face changes a lot over your life, and even small changes in your appearance can confuse facial recognition algorithms. Instead of facial recognition, focus on biometrics that are relatively consistent, such as ears, fingerprints, and even gaits.
Biometrics Are Inherently Public
A traditional password is stored in your memory or written down on a piece of paper in a desk drawer, and those locations are inherently private. In contrast, biometrics are inherently public. People can see your face, ears, and gait, and they can pretty easily take a video of these elements. They can even lift your fingerprints off something you touch. You can’t change the public nature of biometrics, so you have to focus on other security elements that help to make spoofing harder.
Spoofing Can Compromise Security
Spoofing is when someone makes a copy of a biometric element to confuse a security system. Four years ago, the media was aghast when a hacker lifted the fingerprints of Germany’s defense minister from press release photographs and photographs the hacker took from three meters away. Now, a quick internet search yields countless videos and instructional sites on how to replicate that hack at home.
Fingerprints are not the only biometric at risk. Clever hackers can take a picture of someone’s iris, print it on a contact lens, and fool an iris scanner. On top of that, most facial recognition software can’t tell the difference between a photo or video of someone’s face and the real thing. Although developers are working on programs that detect life, the technology still isn’t there. Before you embrace biometrics in your financial institution, you may want to wait for the industry to develop stronger safeguards against spoofing.
You Can’t Change Your Biometrics
Although some biometrics change naturally over time, you can’t change your biometrics like you can passwords and usernames. If someone steals an image of your ear, for example, you can’t just get a new one. Even if you shift to another body part when one is compromised, there’s a limited supply of options.
Hackers May Be Able to Bypass Biometric Security
In some cases, the biometrics themselves aren’t the most vulnerable part of the setup. Instead, the technology underlying the biometrics is subject to hacking. For instance, a competent hacker can remove the biometric match requirement. Then, depending on the setup, they can proceed into the account without providing any additional information, or they just need to enter a username and password like usual.
To prevent this from happening, it helps to ensure that the software breaks down the biometric elements, encrypts each piece, and stores each element in a separate spot. Techniques like that make it harder for scammers to bypass the biometric components.
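A sketch of the split-and-store-separately idea described above, as an added example that is not from the original article or any vendor's product. It substitutes XOR secret splitting for per-piece encryption so that it runs on the Python standard library alone, and it adds an integrity tag so that a missing or altered piece makes the lookup fail closed. The function names, the in-memory dict stores, and the sample template are all assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample: stand-in bytes for an enrolled reference template.
SAMPLE_TEMPLATE = bytes(range(32))


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_template(template: bytes, n: int) -> list[bytes]:
    """Split into n XOR shares; any n-1 of them are just random bytes."""
    shares = [secrets.token_bytes(len(template)) for _ in range(n - 1)]
    last = template
    for share in shares:
        last = _xor(last, share)
    return shares + [last]


def _tag(mac_key: bytes, user: str, template: bytes) -> bytes:
    return hmac.new(mac_key, user.encode() + b"\x00" + template,
                    hashlib.sha256).digest()


def enroll(user: str, template: bytes, stores: list[dict], mac_key: bytes) -> bytes:
    """Write one share to each store (hypothetical separate databases)
    and return an integrity tag to keep with the account record."""
    for store, share in zip(stores, split_template(template, len(stores))):
        store[user] = share
    return _tag(mac_key, user, template)


def load_template(user: str, stores: list[dict], mac_key: bytes, tag: bytes):
    """Reassemble the template; return None if any share is missing or altered."""
    shares = [store.get(user) for store in stores]
    if any(s is None for s in shares) or len({len(s) for s in shares}) != 1:
        return None
    template = bytes(len(shares[0]))
    for share in shares:
        template = _xor(template, share)
    if not hmac.compare_digest(_tag(mac_key, user, template), tag):
        return None  # fail closed: never fall through to "no biometric needed"
    return template
```

A caller that receives `None` should deny the login rather than skip the biometric step, which is the bypass the previous section describes.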
Scammers tend to focus on the points of least resistance, and at the moment, it’s typically a lot easier to find, buy, or phish for usernames and passwords than it is to hack biometrics. However, as the marketplace shifts to using more and more biometrics, scammers will learn how to bypass those security elements.
Whether you’re using biometrics now, thinking about using them in the future, or just waiting to see what will evolve, you need a security partner who is as nimble and informed of security changes as the scammers are — that’s where we come in. To learn more, contact SQN Banking Systems today.