by Paul Rudo on 07/04/12 at 7:55 pm
It seems like every science fiction and spy film features some form of biometric security mechanism in order to guard access to precious jewels, powerful weapons or life-changing secrets. If we are to believe what Hollywood has been telling us, then the future of computing should be dominated by retinal scans, fingerprint scans, and voice recognition.
But why hasn’t biometric identification taken off in the real world? The technology certainly exists, and most of it is cheap enough to be accessible to the average consumer.
Despite relatively cheap and easy access to biometric security, these authentication methods are still relatively uncommon. And there are a few good reasons for this.
Privacy: Many employees feel uncomfortable with biometric authentication since this analysis of their body can feel very intrusive.
Persistence Of Identity: Most of us have multiple personas, depending on who we’re interacting with. For this reason, we maintain multiple email accounts, multiple credit cards, and multiple bank accounts. We also arrange our social networks as a series of “circles”, depending on the level of intimacy we share with the other members of those networks. But with biometrics, a single piece of identification can be used to track you anywhere. You use the same fingerprint at the bank, at the office, at the gym, at the doctor’s office, etc. This persistence of identity strips people of their anonymity and makes them uncomfortable.
Supervision Required: Most forms of biometric authentication can be fooled or circumvented using technical tricks. This is why many forms of biometric authentication only work if there’s a human being on-site to supervise the authentication process and make sure there’s no funny business going on.
Inability To Adapt To Fraud: Once a piece of analogue biometric information has been recorded and converted into a digital format, it is stored in a database just like any other password. However, this is a password that can never be changed. If this data is obtained through unscrupulous means (e.g., a hacker intercepts a network transmission from a scanning device), it can be used to impersonate the subject of this biometric data. If someone steals your credit card, you simply cancel the card. But it’s not so easy to destroy your iris to prevent fraud.
Disabilities: If someone is missing their hands, fingerprint scanning is of little use. And voice recognition is of little use to a person who can’t speak due to a throat injury.
People’s Bodies Change Over Time: Despite the common misconceptions, fingerprints can be altered after years of heavy wear. And injuries or illness can also cause biometric identification to fail.
Single-Factor Authentication: Most implementations of biometric authentication rely strictly on the biometric information, without any secondary identifiers such as RFID cards or passwords. Single-factor authentication is very weak and open to breaches.
Liability: In the event that a user account is breached, the organization may be subject to additional legal problems since the employee’s personally identifiable information was also leaked as part of the incident. The employee may be subject to identity theft or fraud as a result.
Reliability: Most biometric methodologies work best when there is a small sample size to work with. When dealing with large groups of candidates, the likelihood of strong similarities between individuals increases, and the systems can begin producing false positives and denying access to authorized individuals.
Extra Hardware Required: Another major drawback that biometric identification has – when compared to good old passwords and usernames – is the fact that you need to purchase new hardware in order to use it. If a fingerprint scanner breaks, you can’t work until you find another. But with traditional authentication methods, you can log in from any authorized computer which has a keyboard and a mouse. This convenience is especially important now that businesses are relying heavily on cloud-based applications.
Although biometric identification isn’t quite practical enough for everyday use, there are still a number of situations where it can be very useful. A perfect example of this would be in a factory with hourly workers, where there is a strong incentive for “buddy punching” (one employee signs in early using another employee’s credentials in order to log extra hours). This problem can be averted through the use of biometric fingerprint scanning.
But for most other common computer security purposes, traditional multi-factor authentication methodologies will continue to dominate well into the foreseeable future.