Dangers of Biometric Security

Your phone buzzes, signaling the arrival of a new notification. Reaching for it, you quickly swipe your finger over the fingerprint reader and it unlocks, granting you access to all your data. You have just made use of biometric authentication.

Biometrics is a term used in computer security that refers to authentication techniques relying on measurable physical characteristics that can be automatically checked. Various schemes can be employed to authenticate a user, such as:

  1. Face. Analyzing the characteristics of one’s face.
  2. Fingerprint. Analyzing an individual’s unique fingerprint.
  3. Handprint. Analyzing an individual’s unique handprint.
  4. Hand geometry. Analyzing the shape of the hand and the length of the fingers.
  5. Retina. Analyzing the capillary vessels located at the back of the eye.
  6. Iris. Analyzing the colored ring that surrounds the pupil.
  7. Vein. Analyzing the pattern of veins in the back of the hand and wrist.
  8. Voice. Vocal analysis to determine the tone, cadence, pitch and frequency of a person’s voice.
  9. Signature. Analyzing the way an individual signs their name.

The process above is no doubt familiar to users of phones with fingerprint scanners. It is simple and hassle-free, but it is not as secure as one would think. How so? Well, for starters, by using biometric security you are, in a sense, carrying your password out in the open. Think about it. All a hacker would need to do is find out which part of your body is required to gain access, then proceed to disarm you through intoxication, drugging or intimidation (a gun to the head would suffice) and gain access to your device. Some devices like the iPhone 6 have had their fingerprint readers hacked before.

Now you may be wondering, “Who would be willing to go that far just to access my device?” To that I say, anyone. Information is the new currency of the modern age. Anything, be it text, images, audio or video, can be worth something to someone. Remember also that by gaining access to your device, one can, in a sense, steal your identity. Take a moment and imagine: if someone got hold of your device and sent a strongly worded, nasty text to your employer, what stops your employer from terminating your employment there and then? There is very little you can do to prove your innocence unless you have some CCTV footage of the actual culprit committing the misdeed.

Biometric security can also prove to be a problem if you happen to encounter the police. In some countries (*cough* USA *cough*), the police are legally allowed to force you to unlock your phone if it is locked with a fingerprint. Now let me paint a worst-case scenario. You happen to be pulled over by the police during a random night drive. By bad luck, they turn out to be corrupt cops who ultimately ask you for a bribe. If you refuse, they could get you locked up, force you to unlock your phone (willingly or unwillingly) and plant evidence like, say, a text message discussing the sale of drugs. You will try to object, but it will be on your device and there will be no liberation unless you have some really good connections. For this reason, if you do encounter the police and your phone is fingerprint scan-enabled, it is advisable to turn it off and then turn it back on. This is effective because, in the case of iPhones, a passcode will then be required before access can be granted. It will deter anyone from trying to force you to unlock the device, as you can simply argue that you are unable to remember the passcode.

What you need to keep in mind is that no form of security is 100% secure. You can, however, better the odds by combining more than one. In the case of biometrics, it may not be enough to use only a fingerprint. Depending on the nature of the information or object being secured, one could also use voice analysis and retinal scans and top it off with a randomly generated passcode that expires after a predetermined number of uses. The level of security granted will certainly be higher, but remember that more sophisticated security invites challenge from more sophisticated individuals. You will have to remain vigilant lest someone infiltrate your premises, act out a Mission Impossible movie scene and rob you.

For a handheld device, the aforementioned measures would make the device quite cumbersome to use. In that regard, if you do opt to use your fingerprint for authentication, do not forget to set up contingency plans like having a backup passcode. In addition to this, remember to use your fingerprint only for unlocking the device. Do NOT (and I cannot emphasize this enough) authorize sensitive apps like finance or banking apps to use your fingerprint for authentication. Yes, it is a convenient feature to have, but if you are not careful, you will regret it. You may just wake up one day to find someone cleaned out your bank account with the touch of a finger.
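The two recommendations above (a restart forces the passcode, and sensitive apps should not accept the fingerprint) can be modelled as a small lock policy. This is an added example, not code from this post or from any phone vendor; the `DeviceLock` class, its method names and the sample passcode are hypothetical.

```python
import hashlib
import hmac
import os

class DeviceLock:
    """Hypothetical lock policy; not any phone vendor's implementation."""
    def __init__(self, passcode: str):
        self._salt = os.urandom(16)
        self._stored = self._derive(passcode)
        self.reboot()

    def _derive(self, passcode: str) -> bytes:
        # Keep a slow salted hash of the passcode, never the passcode itself.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._salt, 100_000)

    def _passcode_ok(self, passcode: str) -> bool:
        return hmac.compare_digest(self._derive(passcode), self._stored)

    def reboot(self) -> None:
        # A power cycle locks the device and disables the fingerprint path.
        self.unlocked = self.passcode_since_boot = False

    def unlock_with_passcode(self, passcode: str) -> bool:
        ok = self._passcode_ok(passcode)
        if ok:
            self.unlocked = self.passcode_since_boot = True
        return ok

    def unlock_with_fingerprint(self, sensor_match: bool) -> bool:
        # sensor_match stands in for the fingerprint reader's yes/no decision.
        ok = self.passcode_since_boot and sensor_match
        self.unlocked = self.unlocked or ok
        return ok

    def authorize_sensitive(self, passcode: str) -> bool:
        # Banking-style actions demand the passcode; a finger alone is not enough.
        return self.unlocked and self._passcode_ok(passcode)

def demo() -> dict:
    code = "constructed-passcode-4821"  # constructed sample value
    phone = DeviceLock(code)
    out = {"finger_after_boot": phone.unlock_with_fingerprint(True)}
    out["passcode"] = phone.unlock_with_passcode(code)
    phone.unlocked = False  # screen locks again, no reboot
    out["finger_after_passcode"] = phone.unlock_with_fingerprint(True)
    out["bank_wrong_code"] = phone.authorize_sensitive("0000")
    out["bank_right_code"] = phone.authorize_sensitive(code)
    phone.reboot()
    out["finger_after_reboot"] = phone.unlock_with_fingerprint(True)
    return out
```

In this model a matching finger is refused right after boot and after every restart, and the sensitive action fails without the passcode even while the device is unlocked by fingerprint.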

Are you a fan of biometrics or not? Leave your comments down below and let me know what you think.