Your IP: Unknown · Your Status: Protected
Unprotected
Unknown
Blog In Depth

What is biometric data and is it safe?

Futuristic eye-scanners and voice-activated doors aren't just the stuff of Hollywood spy thrillers. We can now unlock devices with our faces and thumbprints; biometric technology is the new normal. It’s often presented as the easiest and safest way to protect a smartphone or a high-security location. After all, no one can steal your fingerprints…right?

Malcolm Higgins

Malcolm Higgins

Jan 11, 2021 · 5 min read

What is biometric data and is it safe?

Perhaps it’s not so simple. Have we really considered the implications of storing and using biometric data? It may be convenient, but is it safe?

What is Biometric data?

Biometric identification is a system that helps recognize a person based on their unique physical features. In this article, we'll be referring to those features as “biometric data”.

There are over 20 unique identifiers including fingerprints, facial features, and vocal characteristics. We’ll look at these and others in more depth later on.

How does biometric authentication work?

Biometric technology is used to authenticate an individual’s identity. This is already a feature in many personal devices, but it’s also employed for additional security in highly-restricted areas. Governments and corporations are turning to biometric authentication to protect both physical and digital locations.

Regardless of who is using them, all biometric security systems will contain three key elements:

  • The sensor that captures the biometrics.
  • A storage device to hold the original data.
  • Software to compare the two.

The process of authentication is quite simple; let’s take the example of a smartphone with a fingerprint sensor. When setting up the biometric security system, you provide your fingerprint and your device stores this data for future use. Now, before accessing the phone, the system will compare your fingerprint with the one on its database. If they match, you can unlock your phone.

Below is a list of the most popular biometric identifiers and how the authentication works in each case.

  • Fingerprint scanners: One of the most recognizable and popular types of biometric data. In most use cases, a built-in scanner examines the ridges of the finger to authenticate the individual. In some devices, the camera doubles as a fingerprint scanner.
  • Voice recognition: Recently, the number of smart devices in homes has exploded. Devices like Amazon Alexa and Google Home are getting better at understanding commands and following speech patterns. They're also learning about the people around them. These devices can even identify the speaker by analyzing unique sound waves in their voice.
  • Facial recognition: In its infancy, facial recognition software had to store a user’s image and compare it to a new photo every time someone tried to gain access. Now, this technology scans for unique patterns in the user’s face, and can even recognize people when they change their makeup or facial hair.
  • Iris recognition: While not as mainstream as facial recognition, iris authentication is often considered to be more secure. Iris recognition is becoming popular in areas with restricted access, like government buildings and corporate labs.
  • Hand geometry: Hand geometry uses the specific physical features of each hand to identify its owner. These identifiers include thickness, skin tone, and distances between various points on the palm and fingers.

Myths and misconceptions about biometric data

Hollywood movies depict biometric data as a virtually impenetrable defense. The criminals in these fictional stories often have to resort to using a victim’s severed finger or eyeball to bypass security.

Of course, the reality is far less macabre. Criminals don’t need to chop anyone's limbs off to get around biometric sensors. Still, these representations are indicative of the misconceptions that many people still have. Let’s dispel some of the myths that persist around this subject:

Myth 1: Biometric data is private

It is not. You upload selfies to the internet, you’re filmed on the street, and there are hundreds of documents that contain your signature. Most of the popular biometric identifiers like your voice, face, and fingerprints can be extracted remotely. If you use social media, all of these physical features may be completely accessible to criminals through your photographs and videos.

You might own your fingerprints and your voice, but you're not the only one who has access to those uniquely personal elements.

Myth 2: Biometrics can’t be hacked

It's true that the biometric data you use to open apps and unlock devices is not easily obtainable. In most cases, it's stored as encrypted binary code rather than image files. However, a simple rule applies here: recorded data is hackable data. There's no doubt that cybercriminals want your biometric data, and have ways and means of obtaining it — and these methods will only become more sophisticated as time goes on.

Myth 3: Biometric data is an upgrade from passwords

Biometric authentication can seem like a modern evolution of the old-fashioned password but it’s far from impregnable. In 2014, hacker Jan “Starbug'' Krissler proved this when he used photographs to recreate fingerprints from the now president of the European Commission, Ursula von der Leyen. With these 2D images, he was able to unlock her smartphone. You know what could have prevented the hack? A password. Nevertheless, biometrics can greatly improve your security as one layer in multi-factor authentication.

Is biometric data abuse common?

Let’s leave hackers aside for a moment; there are plenty of other reasons to be concerned about widespread biometric data use.

For one thing, there’s corporate abuse. Private companies, like facial recognition startup Clearview AI, scrape the internet for facial images and then sell the data to the highest bidder. Over 2200 organizations — including universities, law enforcement agencies, and supermarkets — use Clearview AI’s 3 billion-photo database, without any accountability or oversight.

Compounding the problem is the fact that biometric identification isn't always reliable. The New York Times recently highlighted the case of a black man from the US who facial recognition systems misidentified. This technical error resulted in the man facing real jail time.

Then there was a 2018 incident in Australia. Police there tried to identify potential criminals following a football match, and their facial recognition tech misidentified 92% of those profiled. “No facial recognition system is 100% accurate under all conditions,” a police spokesperson explained. Worried? Well, you should be.

How to protect your biometric data

Biometric data seems to be here to stay, and its use will only grow more prevalent in the future. However, a security-first mindset and some common sense could still help you protect yourself from the negative repercussions of this tech.

  • Think carefully before you opt into using biometric data. Biometric authentication will become more popular, but that doesn't mean you always need to use it. Before you allow a new app to scan your fingerprint, take a second to think about security risks. Perhaps it’s safe to use biometrics with your banking app, but a new social media service could stay password-protected. Take it on a case-by-case basis.
  • Use biometric data for two-factor authentication, along with strong passwords. Passwords are not going anywhere. And unlike biometrics, you can change your password whenever you feel like it. Focus on creating strong, hard-to-guess passwords; if you want to use biometric data, include it as part of two-factor authentication.
  • Contact your local government. Some US states, the European Union, and other regional governments are already taking steps to regulate the use of biometric data. This could be a huge part of data-security and the personal privacy debate in the future, so get involved. Find out what your government representatives think about biometric security and make your own voice heard.