Biometric is a security mechanism used for authentication and providing access to an individual based on verification of one’s physical characteristics which are pre-stored in a biometric security system or scanner. It is the technology used for measuring and analyzing biological data. Biometric solutions include fingerprint recognition, iris and retina recognition, face recognition, voice recognition and latest technologies like behavioral recognition. From MasterCard wanting to use the heartbeat data to verify purchases to Google’s Abacus Project planning to monitor the usage patterns like voice patterns, typing patterns etc. to confirm that it is a specific individual and not a fake person using the device; it is sure that the appetite for biometrics is expanding rapidly. Biometrics is being considered by both big and small ventures in recent times.
India's national ID program called Aadhar is the biggest example of biometric security. It is the largest biometric database in the world. It is planned to be helpful in various areas like criminal forensics and identity, as a ration card, for opening a banking account, for social security and healthcare etc. it can also prove to be problematic in case of a compromise or breach or if information is used for purposes which were not disclosed to individuals.
Let us look at some of the benefits of using biometrics:
Biometrics is extremely hard to fake. A biometric property such as a fingerprint or an eye scanner is unique by definition for each individual.
It also provides an increase of convenience. Following all the best practices, makes the passwords strong but at the same time makes it complex. Changing it frequently for security reasons can cause some inconvenience in terms of remembering and creating a new complex password every time.
Biometrics are stable and enduring, which means it changes very little over the course of one’s life and can identify a person in spite of little variation over time.
Biometrics provides strong authentication and accountability, which someone cannot later renounce or reprobate having taken an action.
Using dynamic or behavioral biometric measure, advantage of two-factor authentication can be taken
Easiness of use is another major advantage over password based authentication. People in general find fingerprint, retina and voice scanning an easy option for authentication that too with minimal training (if required).
The biometric servers usually require very less database memory, as the templates use small storage.
- Other advantages include safety as biometrics are non-transferable like passwords and less time consuming. Average identification time for an identity is 5 seconds. Also, the biometric attribute of an individual can only be lost in case of major mishaps.
Although biometric security seems the safest measure of all till date, but it has its own inherent challenges.
Following are the Cons associated with Biometric solutions:
One of the major challenges is the process by which the biometric is captured and mapped to an identity. Lack of accuracy in capturing, partial capture of data and binding can lead to failure of the system.
Privacy is one of the biggest concerns of the biometric solution. If the servers storing biometric information is hacked, it could have extremely serious consequences for individuals. An example of the breach is the U.S. Office of Personnel Management (OPM), which was hacked resulting in the theft of 5.6 million fingerprints. The biometrics were stolen along with a lot of data of each person.
Error in biometric devices i.e. false reject and false accept. This is usually due to the particular biometric technology being unable to read the characteristics of a given person for various reasons. The false accept is a scenario in which the device accepts an unauthorized person, and the false reject is the scenario in which the device falsely rejects an authorized person.
Another major drawback is the high cost which is involved in getting the systems up and running and also storing and maintaining the biometrics.
Integration into the security program is another issue which is relatively complex when compared to the deployment of password-based solutions.
User acceptance is a significant challenge, especially if individuals are uncomfortable with the idea of biometrics and see the technology as privacy invasive.
- Apart from these, there are various other challenges like one cannot change the retina or facial scan (which is very specific to the type of solution in place) in case one thinks that his security has been compromised at any point. Also, it is not in favor for a physically challenged person.
In conclusion, we can say that although biometric security is surely a breakthrough and becoming more advanced and prevalent with latest technologies but there are both positive and negative aspects of it. Fingerprint readers have been fooled using Play-Doh and facial scanners using a special pair of glasses. If biometrics is accompanied by MFA (multi-factor authentication) then probably we can say that it can lead to a comparatively safer security solution.
Authored By - Anukriti Verma
TCS Enterprise Security and Risk Management
Rate this article: