What about biometrics?

We agree that biometrics can provide a strong authentication method, and are appropriate for use in high-value, critical transactions such as passports. However, the debut of biometrics as fingerprint readers in both Apple’s and, more recently, Samsung’s flagship smartphones was hardly a success: both were compromised within hours of their release by a simple hack by German researchers using techniques reported 14 years ago:
http://www.zdnet.com/samsungs-fingerprint-flop-latest-biometric-cautionary-tale-7000028581/

If you think the techniques described to capture a fingerprint are far-fetched, consider that hackers today are quite happy to covertly film people using ATMs to capture PINs. Once the criminals see a benefit in capturing fingerprints, they will do it.

Biometric security is not infallible, and its use carries significant risks for both the individuals and the corporates that use it.

Many haven’t thought through the full consequences of the use of biometrics, particularly the issue of compromise and the data protection issues. As biometrics come into more widespread use, they become the natural target of hackers.

A compromised password is of course a bad thing, but the crucial difference is that once a person’s biometric information is compromised, it represents an irrecoverable breach. You can’t grow a new thumb.

In Europe, the implications of the new General Data Protection Regulations will be profound, requiring organisations to take greater care than ever with personal data, especially biometric data, since the consequence of a breach is so serious.

Recently, a survey of the financial sector by the influential EU Agency for Network and Information Security concluded that “because of the associated risks, the financial sector is still not prepared to use biometry neither as a unique authentication factor nor a second authentication factor”.

Link to the survey: http://www.enisa.europa.eu/media/press-releases/enisa-calls-for-secure-e-banking-and-e-payments