Biometrics have been the object of technological fascination for decades, ever since retinal scanners and fingerprint-evaluation devices have been featured in science fiction stories. The concept is simple: Rely on physical "signatures" from a person’s body, rather than a conventional password, as a method of identification and security.
Advantages to This Approach Are:
- User availability. Reliance on a physical signature is also convenient for individual users. Rather than having to remember or store dozens of passwords, or carry around an ID card, users can simply present a finger, ear, or eye to be scanned and thereby confirm their identity.
- Long-term costs. Biometric research is expensive, and costly to implement, but over the longer term, it would be much cheaper to manage than conventional systems, which have to plan for password resets as well as the potential for fraud.
There are also some inherent flaws, however, and those will need to addressed before we can make seriously consider rolling out a universal biometric system to any extent.
The Flaws. The Most Important Vulnerabilities to Fix:
- Clever replication. First, we need to face how easy it may be for some physical characteristics to be replicated. For example, hackers have developed a near-universal set of fingerprints, which can be used to bypass the fingerprint recognition software on a majority of smartphones today. Our pattern-recognition systems aren’t sufficiently advanced to distinguish between the real thing and these clever, algorithm-fooling forgeries.
- User privacy. Most modern security protocols offer some measure of privacy to their users, and avoid keeping too much consumer information in one place in case the security of the system is compromised. But some companies and organizations that have attempted to use biometrics are hoping to create a full database of biometric data from an complete base of citizens. A single break into a system like this could allow millions of identities to be compromised.
- User errors and scams. No matter how sophisticated a security measure might be, it’s only as secure as the people who use it. A phishing scam, for example, could still trick a user into giving up a piece of biometric info, such as the shape of his ear or her fingerprint. One slip-up could render the additional security of biometrics useless.
- Reset availability. Biometrics are advantageous in part because they don’t have to be reset or regularly managed. But this also creates a key weakness: If your biometric data is ever stolen or forged, you won’t have the capability to reset that information with any ease. We don’t currently have the technology to reshape parts of the body readily and permanently . . . and even if we did, that may raise ethical concerns.
Compensation: What are Companies Doing to Mitigate or Eliminate Vulnerabilities?
- Multi-biometric systems. Some companies are pursuing multi-biometric systems, which rely on multiple biometric signatures, rather than just one. For example, you might be required to show a thumbprint as well as your face in order to verify your identity. This would make it many times harder to effect a successful forgery; a would-be hacker would have to replicate two different biometric signatures, each of which presents unique challenges.
- Decentralized storage. Companies also need to protect against the possibility of a breach of user data. One potential solution would be decentralization, possibly through the implementation of the blockchain. A decentralized yet publicly accessible ledger could hypothetically allow biometric scans to be authenticated without the need for a single, hackable database.
- Multi-authentication systems. Many applications, including security in healthcare, are leaning toward using multiple methods of identification. For example, they might rely on both a conventional password system and a biometric scanner. This would add a layer of protection to that offered by a multi-biometric system, but also address other weaknesses with biometrics. It would still leave us vulnerable to some of the problems with typical passwords, but a hybrid approach could compensate for weaknesses on both sides.
- Anti-hacking research and awareness. Researchers could also mitigate the threat of hacking by researching how hackers replicate or gain access to biometric information, and invent ways to prevent it from being used. Making consumers more aware of scams that could be employed to seize and use biometric information fraudulently might also prevent such information from being stolen and distributed.
We may soon be living in a world closer to what we used to regard as science fiction —relying on our physical characteristics as a means of identifying ourselves and authenticating purchases.
Before we get there, though, we’ll have to solve the vulnerability problems that biometrics entail. A handful of breakthroughs and smarter implementation choices may be enough to make the difference.
Larry Alton is a professional blogger, writer, and researcher. A graduate of Iowa State University, he's now a full-time freelance writer and business consultant. Currently, Larry writes for Entrepreneur.com, Inc.com, and Forbes.com, among others. In addition to journalism, technical writing and in-depth research, he’s also active in his community and spends weekends volunteering with a local non-profit literacy organization and rock climbing. Follow him on Twitter (@LarryAlton3), at LinkedIn.com/in/larryalton, and on his website, LarryAlton.com. To read more of his reports — Click Here Now.
© 2021 Newsmax. All rights reserved.