Biometrics Cyber Security: Is a Fingerprint Enough?
Facial recognition software. Fingerprint readers. Retinal scanning. What once seemed like technology reserved for sci-fi movies like Robocop (1987, facial recognition software) and 2001: A Space Odyssey (1968, voice ID programs in Hal 9000) is now our everyday. But is biometrics cyber security enough protection for the average office?
Biometrics were once thought of as the upper limits of scientific ingenuity, along with flying cars and time machines. Today, we use them to unlock our phones, login to our bank accounts, and play music over your home assistant devices, like Alexa and Google Home. Questions of biometrics cyber security have also arisen– How easy is it to hack? Can it be faked? Perhaps most importantly, are biometrics able to protect assets more effectively than traditional passcode and encryption protocols?
Let’s dive in:
Biometrics at Work
When we’re talking about the concept of biometrics and biometrics cyber security, we’re referring to a particular hardware, software, or combination of both that is able to measure the veracity of a particular action (like logging into a computer) based on the physical characteristics of the user.
Biometrics are typically divided into two categories: Physiological and behavioral.
Physiological biometrics is the reading of a particular way someone looks. This would include:
- Fingerprint scanning
- Facial recognition
- Retina scanning
- Iris recognition
Behavioral biometrics are based on the behavior of the user. The user has to perform some particular function that a software program can match to existing data, like setting up voice recognition for Siri. Examples of such are:
- Voice ID
- Keystroke dynamics
- Signature analysis
- Mouse use dynamics
- Movement analysis
Behavioral biometrics are typically less expensive for companies to incorporate because they require only software programs and time to establish points of reference for the user. For example, keystroke dynamics measure our habits we have when typing that could identify us, like speed, on-screen transitions (favoring tab over clicking with the mouse, or vice versa), and other nuances that make your typing habits different from everyone else’s. It works as a second layer of security in combination with traditional username and password credentials.
But Is It Safe?
Like all cybersecurity measures, an ounce of prevention is worth a pound of cure. Nothing is impossible to hack. Even the Pentagon has issued several “hacking challenges,” encouraging people to try to crack into the government networks to help them find vulnerabilities before they can be used for nefarious purposes.
Unfortunately, as biometrics become more commonplace, the data becomes more vulnerable. You can change a password, but you can’t change your fingerprint. The more places that your biometrics data is stored, the higher the risk that it can be stolen.
Additionally, many biometrics hardware options are vulnerable to being tricked by high resolution photos and lifted fingerprints. If someone really wanted to, they could easily use a fingerprinting kit to obtain a copy of your prints from a glass or door handle. While the likelihood of this is pretty slim, it’s something to keep in mind.
The best option is to combine smart passcode standards with biometrics. For example, many devices can be setup to require facial recognition and password entry before unlocking. Additionally, there is no replacement for maintaining your cybersecurity measures for your networks. Firewalls, advanced endpoint protection, and end user training are always going to take your data protection dollar further than investing in biometric technology.