Should Your Business Incorporate Biometric Identification?

<p>In today’s world&comma; data security is largely composed of passwords&comma; ID badges and the like&period; The inherent flaws in these forms of identity verification&comma; which are based on things the user knows or has&comma; become clearer with each successive media report of a huge corporate data breach&period;<br &sol;>&NewLine;Biometric authentication techniques&comma; which verify identity based on some physical or behavioral trait of the user&comma; relies not on something the user has or does&comma; but on something the user is&period; Biometric identification is already in use in a number of corporate and government capacities and may soon appear in consumer products&period; But biometric identification techniques are by no means foolproof — and they’re often costly&period;<&sol;p>&NewLine;<h2>Types of Common Biometrics<&sol;h2>&NewLine;<p>While some biometric authentication techniques are still in the development stages&comma; a number are already widely used&period; These include&colon;<&sol;p>&NewLine;<ul>&NewLine;<li>Fingerprint scanning<&sol;li>&NewLine;<li>Hand shape scanning<&sol;li>&NewLine;<li>Retinal scanning<&sol;li>&NewLine;<li>Voice verification<&sol;li>&NewLine;<li>Signature verification<&sol;li>&NewLine;<li>Iris scanning<&sol;li>&NewLine;<li>Facial recognition<&sol;li>&NewLine;<&sol;ul>&NewLine;<p>Biometrics in development include vein pattern scanning&comma; palm-print scanning&comma; gait analysis&comma; ear analysis&comma; and even body odor analysis&period;<&sol;p>&NewLine;<h2>Why Aren’t Biometrics More Common&quest;<&sol;h2>&NewLine;<p>At first glance&comma; biometric identification seems to have a significant advantage over security measures such as passwords since it relies on users’ inherent traits&semi; unlike a password&comma; biometric forms of identification cannot be stolen&comma; copied or shared&period; Biometric identification devices could prevent fraud in financial transactions and keep the personal data we store in our phones and computers safe&period;<br &sol;>&NewLine;In situations where data security is paramount&comma; biometrics is already widely in use&period; It is accurate and safe&period; After all&comma; you can’t steal someone’s fingerprint&comma; right&quest;<br &sol;>&NewLine;Actually&comma; you can&period; Japanese cryptographer Tsutomu Matsumoto demonstrated in 2002 that he was able to fool a fingerprint scanner using a fake finger he made out of gelatin&period; Fingerprints&comma; while unique&comma; aren’t exactly your most private identifying trait&semi; you leave them on everything you touch&period; Matsumoto was able to lift fingerprints from a glass&period; His gelatin finger was easy and inexpensive to make&period;<br &sol;>&NewLine;German hackers Lisa and Starbug have further demonstrated that facial recognition systems and even iris scanners can be fooled by high-resolution photographs&semi; those systems that check for head movement can be fooled using video footage&period; These weaknesses underscore the need for a two-factor authentication process that identifies users based on a pair of biometric parameters&period; Some procedures&comma; like passport control&comma; rely on human oversight to help prevent false verification&period;<br &sol;>&NewLine;Another inherent flaw in biometrics is the fact that physical&comma; and even behavioral&comma; identifying traits change&period; An injury to the fingertip&comma; for example&comma; could make a fingerprint scanner reject a valid user&period; An eye patch&comma; a beard&comma; a hat&comma; a pair of glasses or even a different haircut could cause a facial recognition scanner to reject valid users&period;<br &sol;>&NewLine;These are things businesses must take into account before incorporating a biometric system of worker identification&period; Many companies get around this by placing biometric information on a token&comma; so that it remains constant&comma; but making enough tokens for every employee adds up&comma; especially when somebody loses one and needs a replacement&period; For a company trying to protect its trade secrets&comma; there may be no better option&semi; but for consumer products like phones&comma; changes in identifying traits could definitely cause some user hiccups&period;<br &sol;>&NewLine;Perhaps the most troubling flaw of biometric identification is the fact that&comma; if your biometric information is compromised&comma; you can’t just change it like you would a password&period; When biometrically secured data is breached&comma; it can be impossible to re-secure it&period;<&sol;p>&NewLine;<h2>Biometrics&colon; The Wave of the Future&quest;<&sol;h2>&NewLine;<p>Despite the risks and extra costs associated with biometrics&comma; it’s likely we’ll one day rely on it in our day-to-day lives to secure our personal data&period; The Fast Identity Online &lpar;FIDO&rpar; Alliance is currently working on making things like voice readers and fingerprint scanners as common as passwords are now&period; Rumor has it that Apple is working on a biometrically secured smartphone&period;<br &sol;>&NewLine;Even with all of these flaws&comma; biometrics is still a better protection against fraud than passwords and tokens&period; As technology improves and costs come down&comma; we can expect to see this technology become ubiquitous&period;<br &sol;>&NewLine;<strong>About the Author&colon;<&sol;strong> Contributing blogger David Kemp has worked in corporate information security for over 20 years&period; He’s excited about the security benefits that widespread use of biometrics can bring&period;<&sol;p>&NewLine;