Todd Wasserman

Apr 18th 2018

Biometric Security: How the Fingerprint Is Replacing the Password


If you’ve ever struggled to remember a password, then biometric security might have some appeal. By recognizing physical features that are unique to you — like your fingerprints, face and even your ears — biometric technology allows you to unlock your favorite devices and apps effortlessly in a secure environment.

Old Idea, New Techniques

While various computer manufacturers have experimented with fingerprint-based IDs, the practice saw a huge boost in 2013 when Apple introduced Touch ID for its iPhone. Since then, biometrics have been used to secure all types of applications.

MasterCard and Nymi announced in 2015 that they could authenticate a user’s credit card purchases by measuring the user’s heartbeat, said VentureBeat. Google has also looked into using speech patterns as an identifier under its Project Abacus, TechCrunch reported. Descartes Biometrics uses customers’ ears as biometric markers, according to Wired.

There are parts of China where commuters can use facial recognition to pay for their train or bus fare, according to Engadget. KFC has also experimented with face-based payment in that country, as TechCrunch reported.

Allied Market Research predicts that the global facial recognition market will be a $9.6 billion business by 2022, fueled by targeted advertising. An electronic billboard might discern your age, gender and ethnicity and tailor an ad based on those factors, a la Minority Report.

Security Concerns

Despite the industry’s fondness for biometric security, the current technology is far from foolproof. Body parts can easily be replicated through various methods, putting your financial, medical and personal information at risk.

As Alvaro Bedoya, professor of law at Georgetown University, told Wired, a hacker can “steal” biometric identifiers by lifting your fingerprint from a glass or taking a high-resolution image of your ear.

One security exec was able to hack into Apple’s Touch ID by transferring the iPhone owner’s fingerprints onto a blob of Play-Doh, according to Fortune. The trick also worked for Android and Microsoft-based devices. In 2016, researchers were able to use fake fingerprints to fool biometric systems as much as 65 percent of the time, according to The New York Times. To make matters worse, hackers have compromised millions of fingerprints, per The Washington Post. Similarly, a Vietnamese security company was able to fool Apple’s Face ID with a high-resolution mask, as BGR reported. The company said that Face ID wasn’t secure enough to be used in business transactions.

To their credit, Apple claims that the chance of a false match in its Touch ID system is 1 in 50,000. And Google’s Android system typically takes eight to 10 images of a fingerprint in an effort to thwart hackers, said The New York Times.

The Future of Biometrics

The danger is that the demand for biometric security will prompt a slew of less-than-secure solutions. But the market demand for biometrics will ensure that top-tier companies like Apple and Google will focus on perfecting the technology. As usual, humans are the weakest link in security, so new protocols will need to be initiated to ensure that biometric markers like fingerprints are protected.

The other issue is privacy. It’s an open question whether citizens in the West will submit to facial recognition software everywhere they go. Already, some firms — like Israel’s D-ID, which slightly alters photos so algorithms can’t recognize them — are creating self-defense measures for citizens who want to protect their privacy. More low-tech solutions include wearing sunglasses with hallucinogenic patterns and wearing masks in public.

In the end, consumers might conclude that passwords weren’t so bad after all.