According to the Biometrics Research Group, Inc., biometrics are “measurable physical and behavioral characteristics that enable the establishment and verification of an individual’s identity”.
The processes that are involved in biometrics include detecting and recording an individual’s distinctive physical features, as well as other traits. These aspects are then recorded by an electronic device in order to confirm a person’s identity. The word “biometrics” originates from the word “biometry” which has to do with the “statistical analysis of biological observations and phenomena”.
Identifying data used in biometrics are divided in two groups: physiological or behavioral. Physiological “identifiers” have to do with a person’s physicality. These include hand geometry, fingerprint recognition, odour/scent, DNA, iris scans, facial recognition, and palm print. Behavioral identifiers deal with the pattern of a behavior unique to each person. This includes gait analysis, keystroke dynamics, mouse use, voice recognition, cognitive biometrics, and signature analysis.
Although Biometric Identifiers Are Unique, Are They Safe From Fraudsters?
Biometrics are inherently one of a kind. Fingerprints, irises, fingerprints, and faces belong to a single person, alone. It is much more difficult for a criminal to seize a person’s biometric signature. When used in conjunction with other biometrics, it creates a rock-solid authentication that makes it ever more challenging for hackers to duplicate.
At first glance, biometrics seems to offer a fool-proof method to protect a person’s identity. However, hackers are hard at work, finding creative ways to find the weakest link in the chain. One of these weak links is the “unchangeability” of biometrics. If a hacker was to access this information, the biometric data will be permanently jeopardized.
Passwords can be altered to protect our data, our physical features, however, cannot be changed. It is precisely this reason that, although it remains cumbersome for most, the clustering of letters, symbols, and numbers for passwords still offers the most security compared to biometric passcodes.
An example of deep vulnerabilities within biometrics can be seen with researchers who have developed a machine-learning capability to hack cell phone fingerprints. Another example comes from the Samsung company, where its Samsung Galaxy S8 experienced a hack within its iris scanner.
Other researchers have shown that voice recognition can also be hacked. All it takes is for the criminal to capture 100 five-second sentences. Once a sample is in their possession, they can enter it into a special computer program in order to duplicate speech. Chinese researchers have discovered a way to “send ultrasonic messages” to voice recognition equipment such as Amazon Alexa.
Luckily, most of these instances of hacking have been perpetrated by researchers. Still, they have revealed that biometrics do not offer the fool-proof security needed for authentication. There is still much work to be done. For the time being, companies would do well if they take the necessary precautions of requiring a passcode or even a two-factor authentication along with a biometric check to secure a consumer’s data.
Much Work Lies Ahead
Although biometric authentication continues to evolve, one of the many reasons it is growing is due to its convenience and reliability. Like any identification method, there are plenty of risks involved. The fact that researchers have found apparent vulnerabilities within this methodology should alert all who are currently using biometrics as their only authentication method.