Will All of Your Security Woes Disappear After Switching from Passwords to Biometrics? No, They Won't
In 2004, almost exactly 15 years ago, IBM launched the ThinkPad T42 – the tech giant's first laptop with a built-in fingerprint reader. Big Blue officials expressed their confidence that their biometric system would 'set a new standard for computer makers to follow'. It's safe to say that things didn't quite work out that way.
If we have to single out a device that sparked something of a revolution in biometric authentication, it has to be the iPhone 5S, which came out some nine years after the T42. Nevertheless, the revolution is now a fact, and you'll be hard-pressed to find many people willing to dispute this. There is some debate, however, and it revolves around whether biometric authentication helps make the internet a safer place or whether it's just a feature that brings more convenience.
Additional security, more convenience, or a combination of the two?
There's no denying that unlocking a device or logging into an account with the help of biometrics is easier. The traditional alternative, entering a complex password, can be a bit of a nightmare, especially on mobile devices. By contrast, modern fingerprint readers and facial recognition devices are fast, reliable, and easy to use – the three characteristics that internet users are after.
Many people will undoubtedly see the security benefits as well. Every year, infosec companies publish lists of the most widely used passwords, and every year, we see the same woeful entries like "123456" and "password" leading the pack. By contrast, your fingerprint and retina scans and your facial features are unique to you, which means that, in a sense, biometrics lets you protect your data with truly unique and complex passwords without forcing you to create or remember them.
Biometric data has one more advantage over passwords. Using a stolen password is easy. It involves nothing more than copy-pasting it in the correct field or using an automated tool to do this for you. Accurately replicating a part of the human body, on the other hand, is a bit more complicated, especially if you want to attack many people at once.
All in all, provided it's implemented correctly, biometric authentication does bring numerous security advantages for most regular users. There is one flaw with biometric data, though, and it's a big one – it's not replaceable.
Biometrics' big problem
If you have one of your passwords compromised, swapping it for a new one is usually a fairly straightforward process. If your unique fingerprint data is stolen, however, you can't just take your thumb off and put a new one in its place. The same goes for your retina, face, and any other part of your body that could be used for authentication.
The technology that enables biometric authentication has come a long way since the clunky, expensive fingerprint readers that were once attached to PCs and laptops, and it's still moving as we speak. In much the same way, criminals are continuously improving the techniques they use to steal and abuse biometric data. The one thing that is not evolving at such a rapid rate is the human body, which is why, although it will improve many users' security, biometrics won't solve all our problems.