What Is Biometric Data and Is It Safe?

If you own a relatively new smartphone, the chances are that you use biometric data to unlock your device. Biometric data is used by a whole range of institutions, including by most banks, to verify the identity of users.

The biometric market’s value is predicted to reach over 55 billion USD by the end of 2027 as more industries jump on the trend of using it to verify users. The applications for using biometric data are vast and varied, but its fast adoption is making many customers wonder how safe biometric data really is.

What Is Biometric Data?


Biometric data refers to personal data that results from the specific technical processing of some of your human characteristics. In other words, it is live biological data. The most famous forms of biometric data are facial recognition and fingerprint analysis, although these are by no means the only forms of biometric data.


What Is Biometric Authentication?


Biometric authentication allows you to use your biometric data to verify your identity. A system can use your biological data to confirm whether a user is who they say they are.


What Are Some Examples of Biometric Authentication?


Biometric authentication can be physical or behavioural.

Examples of physical biometric authentication include:

  • Facial recognition
  • Fingerprint analysis
  • Voice recognition
  • Iris or retina scanning
  • Ear shape recognition

Examples of behavioural biometric authentication include:

  • Keystroke analysis
  • Handwriting analysis (usually of a signature)
  • Gaze analysis


How Does Biometric Authentication Work?


Your biometric data is used like a password. When you enrol in a system (for example, registering with a bank), your biometric data is registered and stored in the system’s database.

The next time you want to log on, you need to present your biometric data again, and it must match what the system already has in its database.

With passwords, this requires a 1:1 match. However, this is almost impossible with facial recognition, for example, because your face looks different at different angles, or in different lighting, or when making different expressions.

For this reason, the system usually assigns you a ‘risk score’, determining the likelihood that you are in fact the same person whose data is stored in the database. If your score is above a predetermined threshold, the system counts this as a match.


What Are The Benefits of Biometric Authentication?


There are several benefits to biometric authentication that make it a popular choice. For example, biometric data is hard to imitate, it is securely stored, and the system evolves with every login attempt.

Biometric data is harder to imitate than passwords. A system will grant access to anybody who holds the correct password. There are plenty of programs that criminals use which run thousands of combinations of different numbers and symbols until a password is found.

Beyond this, a lot of people are just not very secure with their passwords, and either share them or choose ones that are too easy for people in their lives to guess. With biometric authentication, users do not have to worry about this, because their ‘password’ is on their bodies.

The probabilistic nature of biometric authentication also makes it safer. This may seem contradictory, because biometric authentication does not require a 100% match, and passwords do. However, biometric authentication focuses on authenticating the right user instead of allowing access to anyone who can obtain a 100% password match.

Despite this, organisations are free to set their security thresholds as high or as low as they like, at the risk of occasionally denying access to users who should be able to have it, or making the criteria too loose and insecure.

What Are The Risks of Biometric Authentication?


When the threshold is too low, the chance of a false match becomes much higher. A system might have a lower threshold for a variety of reasons. For example, during the mandatory use of face masks, people were frustrated by their inability to use facial recognition to access their phones, and were given the option to lower the threshold so that they could unlock their phones even using their masks.

Another risk is false rejection. When the threshold is too high, the rightful user might be rejected. This can be inconvenient and time-consuming, as you usually have to call a support team to get it fixed.
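The trade-off between false matches and false rejections can be measured directly. The following is an added example, not taken from any vendor's system: the scores are constructed sample values, and the function names are illustrative. It counts both error types at several thresholds and finds the lowest threshold that lets no impostor through.

```python
# Constructed match scores in [0, 1] (what the article calls a 'risk score');
# higher means "more likely the same person". These are not real measurements.
# GENUINE: the enrolled user compared with their own stored data.
# IMPOSTOR: other people compared with that same stored data.
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.84, 0.97, 0.73, 0.90, 0.86, 0.68]
IMPOSTOR = [0.12, 0.35, 0.41, 0.22, 0.58, 0.30, 0.66, 0.18, 0.47, 0.71]


def is_match(score, threshold):
    """Accept the login attempt when the score reaches the threshold."""
    return score >= threshold


def error_rates(genuine, impostor, threshold):
    """Return (false_match_rate, false_rejection_rate) at one threshold."""
    false_matches = sum(is_match(s, threshold) for s in impostor)
    false_rejections = sum(not is_match(s, threshold) for s in genuine)
    return false_matches / len(impostor), false_rejections / len(genuine)


def sweep(genuine, impostor, thresholds):
    """Error rates for each candidate threshold, in the order given."""
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


def lowest_threshold_for(genuine, impostor, max_false_match_rate):
    """Lowest observed score that, used as the threshold, keeps the false
    match rate at or below the target. Returns (threshold, fmr, frr) or None."""
    for t in sorted(set(genuine + impostor)):
        fmr, frr = error_rates(genuine, impostor, t)
        if fmr <= max_false_match_rate:
            return t, fmr, frr
    return None


if __name__ == "__main__":
    for t, fmr, frr in sweep(GENUINE, IMPOSTOR, [0.40, 0.60, 0.72, 0.80, 0.90]):
        print(f"threshold={t:.2f}  false match={fmr:.0%}  false rejection={frr:.0%}")
    print(lowest_threshold_for(GENUINE, IMPOSTOR, 0.0))
```

On this sample, a threshold of 0.40 accepts half of the impostors while rejecting no genuine attempts, and a threshold of 0.90 accepts no impostors but rejects 60% of genuine attempts.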

Biometric authentication is also vulnerable to algorithmic bias. This is when a system is more accurate when authenticating people of a certain demographic – for example race, age, or sex.

It has been documented (for example in a 2020 study by the Biometrics and Internet Security Research Group) that facial recognition technology has a lower classification accuracy for dark-skinned women compared to other groups. This often depends on the data that informs the algorithm.


Is Biometric Authentication Safe?


For now, yes. For example, Apple’s Face ID has a 1 in a million chance of a false match. This is much lower than the probability of getting your four-digit passcode hacked, which is around 1 in 10,000.

However, as biometric authentication technology improves, so does the technology used by hackers. Hackers have already successfully tricked the Galaxy’s iris scanner with a fake eye, and Apple’s Face ID has been hacked by Vietnamese cyber-security company Bkav using a mask.

In 2020, Talos Intelligence Group used 3D printing to create a fake fingerprint, which was used to successfully access devices locked by fingerprint analysis. The researchers’ success rate was 80%.

However, most people do not need to worry about having their eyes and fingerprints cloned via 3D printers. The average civilian is at very little risk of this, as these processes are extremely complicated and time-consuming, especially when 4-digit passcodes are still being used.