According to the Department of Homeland Security, Biometrics are “unique physical characteristics, such as fingerprints, that can be used for automated recognition.” In plain language, they are simply body measurements and calculations. In the case of the government, biometrics are used to detect and prevent illegal entry into the US, grant and administer immigration benefits, enforce federal laws, and more.
For the average citizen, this fast-evolving technology allows access to smartphones, smart-homes, and even bank accounts.
Soon, however, biometrics may do a whole lot more, raising concerns about privacy, security, and ethics. Find out what that might mean for you.
Different Types
The original biometric was the ink-fingerprint process that is still in practice today. But in the future, the use of biometrics will continue to expand, with a variety of different types and levels of security. Research is currently underway for recognition involving ear shape and facial thermography. The US Government is also looking into technology that measures a person’s gait as well as their heartbeat.
Presently, biometric data falls into six major categories, some of which have been in use for the last four decades. According to Norton, the breakdown is as follows:
- Face recognition: This measures the unique patterns of a person’s face by comparing and analyzing facial contours. It’s used in security and law enforcement, but also as a way to authenticate identity and unlock devices like smartphones and laptops. This is often done with infrared cameras that can detect facial attributes even in low light situations and negate the effects of glasses, facial hair, or makeup.
- Iris recognition: This identifies the unique patterns of a person’s iris. Although widely used in security applications and frequently depicted in film and television, it isn’t typically used in the consumer market.
- Fingerprint scanner: This captures the unique pattern of ridges and valleys on a finger. Many smartphones and some laptops use this technology as a type of password to unlock a screen.
- Voice recognition: This measures the unique sound waves in your voice as you speak to a device. Your bank may use voice recognition to verify your identity when calling about your account, or you’ll use it when giving instructions to a smart speaker like Amazon’s Alexa.
- Hand geometry: This measures and records the length, thickness, width, and surface area of a person’s hand. These devices date back to the 1980s and were typically used in security applications.
- Behavior characteristics: This analyzes the way you interact with a computerized system. Keystrokes, handwriting, the way you walk, how you use a mouse, and other movements can be used to determine who you are or how familiar you are with the information you’re entering.
How do they work?
The general gist of how biometrics systems work is as follows: first, you record your own biometric data. The most common examples include a fingerprint or face. From there, the information is stored to use when unlocking your phone a hundred or so times a day.
According to Apple, the chances that someone has a similar enough fingerprint to unlock a person’s phone is 1 in 50,000. For Face ID, that number jumps to 1 in 1,000,000. By comparison, the odds of guessing a four-digit passcode are 1 in 10,000.
A biometrics system consists of three different components: the sensor, the computer, and the software. The sensor is what recognizes your information and reads it when it comes time to unlock your phone or ask Google for directions to the store. The computer is the part of the system that stores the information for comparison. We’ll discuss this a bit more when we talk about privacy.
Lastly, every biometric system needs software. This is simply whatever connects the computer to the sensor.
Only recently have we seen biometrics expand to commercial users. Its rise in use has simplified life, but it also carries the risk of misuse by cyber criminals, scammers, and others looking to take advantage of citizens.
Are biometrics safe?
Biometrics have made a splash recently due to their ease of use. It is much easier to open all your apps and accounts with the touch of your finger instead of remembering dozens of different passwords. However, this may turn out to be a problem depending on how biometric data is recorded, stored, and used.
According to Norton, there are a few concerns that have emerged from the consumer use of biometrics. The major one is that any collection of data can be susceptible to hacking.
The concern is that biometrics will become so ubiquitous that people might take security settings like two-factor authentication, or the continued use of a passcode in addition to biometrics, for granted because they believe biometrics alone is secure enough.
This may not be true; if biometric data is compromised, it’s not as simple as changing your password. You only have so many fingers, and you only have one face and one pair of eyes.
The good news is that the major tech players Apple, Google, and Samsung do not keep copies of fingerprints or faces on their servers. For Google and Samsung, that data is stored and remains on a user’s personal device. For Apple, biometric data is encrypted on top of being stored locally. Therefore, a hacker would have to compromise a system in order to illicitly gain the credentials he or she would need to then compromise that system.
Smartphones are safe, but what happens as biometrics begin to invade other aspects of our life, such as airport screenings or security at major sporting events?
The concern here is that smaller companies will be involved and lack the resources to secure biometric data. In fact, just last year, a major breach was found in a biometrics system used by banks, UK police, and defense firms, exposing more than 1 million fingerprints stored in the system.
How do I help protect this data?
Many of the recommendations for protecting this type of data are identical to cyber security advice we’ve posted in the past. Strong passwords remain as important as ever, even though biometrics make unlocking your devices much easier. By keeping your biometric data in a few select places, you can give hackers fewer places to access your data.
The best way to keep this information secure is to make sure your software is current and updated. Nowadays, system updates and security patches are the norm. Many operating systems produce updates monthly, but it is up to the user to initiate them.
Don’t hold off—any time elapsed between the release of the update and triggering it is time that a hacker can exploit the vulnerabilities that the update corrected.
After all is said and done, if you’re still worried about your data security, you can always opt out of providing it. You can purchase a smartphone that doesn’t require biometrics or disable the software within your settings, but this may leave you more vulnerable to the average criminal.
Regardless of how you feel about biometrics, it is important to stay on top of where your data is stored and what applications, devices, and people have access to it.