Can biometrics be trusted?

Next story

Image

Consumer level biometrics could be the ‘next step’ in cyber security but can they really be trusted?


Biometrics are becoming more and more commonplace. A large number of modern mobile devices can be unlocked with a fingerprint and some with a voiceprint or even a selfie.

But how reliable are they? Can they be trusted? And are we going to see them replace the humble password at some point in the future?

Mark James, ESET IT Security Specialist, explains that biometrics will never replace the password but they are a perfectly viable layer of security to be used alongside existing authentication methods.


“Masses of information…”


“The problem we have today is the sheer amount of data we store on our mobile devices. You may be reading this thinking “but I don’t store anything on my phone”, well you would be wrong.

“Most phones store masses of information about what you do and how you go about your daily lives. All of this data can be accessed if the wrong person has access to your phone.

“Phone manufacturers are trying to find multiple ways to protect your data: from passcodes or pattern recognition through to fingerprint and facial scanners they all offer a means to protect.

“Some seem more secure than others and some are easier to use, we often try and find a compromise between ease of use and security with the latter usually coming in a close second.

“Fingerprint scanners are pushed as being more secure but that’s not necessarily true depending on how it scans your finger and what other processes are taken into account.

“Simple fingerprint scanning can easily be fooled, if you want to protect your phone then use a passcode as long as you can possibly remember.

“Most of the other techniques can be fooled or spoofed but the only way your “long” passcode can be spoofed is if someone gets a very lucky guess.

Biometrics on their own are not sufficient: just like passwords they are open for abuse or compromise, the only effective way of securing your data is multi layered protection.

“Couple either of those with two-factor authentication and you’re on the way to a safer place to store your data, biometrics on their own are really no different to passwords.”


Do you use any biometrics? Where do you use them?


Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.