At one time, biometrics were used just for fingerprinting criminals. Government agencies led the charge by identifying state and federal employees with the same technology. Corporations then used basic forms of biometric authentication for access control. Now, everywhere we turn, your biometrics are being gathered and scanned – and this is heightening security risks.
It is now becoming common for us to use biometric authentication to access our electronic devices and mobile apps, and we might even use biometrics for other uses, like clocking in at work and scanning travelers from other countries through U.S. airport security.
The Growth of Biometric Authentication
Everywhere you look, your individual characteristics are being taken from you – from a face scan, fingerprint, eye scan, to even DNA. However, while it continues to be a security issue, consumers are not seeing it as one. In fact, a 2019 Visa survey found 70 percent of consumers believe that biometrics are easy to use and 46% consider it to be safer than using passwords or PINs. This potential false sense of security is posing an even bigger problem.
When someone steals your password, you may be notified to change it. This can be done repeatedly until you have something strong enough that won’t be hacked. Unfortunately, with biometrics, if a hacker steals your information, it cannot be altered. This means, they have it forever and you remain vulnerable. You cannot change your fingerprint or eye scan like you can with your email password.
Hackers continue to get smarter and find ways to steal your information. Already, there have been several recorded attacks against biometric information. In 2019, security researchers and the VPNMentor team uncovered a data breach containing the fingerprint data of 1 million individuals along with the facial recognition information, and unencrypted usernames and passwords of 27.8 million individuals. The exposed database belonged to BioStar 2, a biometric security platform used by organizations worldwide.
Protect Your Biometric Data
While many people are left feeling unsecure, it is important that those who choose to use the biometric scans require government agencies and companies to be held accountable. It is their job to ensure that your personal information remains secure at all costs. Thoroughly review privacy policies to ensure your information is being encrypted and protected.
For example, let’s take Apple’s Touch ID. This is right from Apple’s website:
“Touch ID doesn’t store any images of your fingerprint, and instead relies only on a mathematical representation. It isn’t possible for someone to reverse engineer your actual fingerprint image from this stored data.
Your fingerprint data is encrypted, stored on device, and protected with a key available only to the Secure Enclave. Your fingerprint data is used only by the Secure Enclave to verify that your fingerprint matches the enrolled fingerprint data. It can’t be accessed by the OS on your device or by any applications running on it. It’s never stored on Apple servers, it’s never backed up to iCloud or anywhere else, and it can’t be used to match against other fingerprint databases.”
That’s the kind of security you should be looking for when providing your biometrics.
With any technology that requests biometrics, consumers must require their biometric data is encrypted when it’s being captured. You shouldn’t be afraid of biometric authentication methods any more than you should be afraid of online banking. It’s just another piece of technology that, when handled properly, can make things a bit more convenient. But you should be aware of its implications and be aware of how to keep it secure. Do your research any time biometrics become part of the authentication process.