After we recently discussed password security in our short series “Authenticate, authenticate and authorize,” today everything revolves around biometric data. The use of biometric features to identify and verify people has increased significantly in recent years – every modern smartphone, notebook, and other device has at least one process based on biometric data. Today’s post will look at what is meant by the term “biometrics,” which biometric methods exist, and which possible risks users can face.
When we talk about biometric data, we are talking about biological or physical characteristics used to identify people. The most well-known forms include fingerprints, face recognition, and retina scans. What sets biometric procedures apart is the uniqueness of the features they rely on: even twins have relatively individual and unchangeable characteristics. It therefore makes sense to use these features in addition to password systems or even to replace them. The aim of using biometric data is to determine a person’s identity (identification) or to confirm a claimed identity (verification).
Biometric data is so unique that it can even be used as a security feature in identification documents. While the USA uses electronic passports with a chip on which fingerprints, irises, or a photo of the face are stored, fingerprints in passports and ID cards have been mandatory in Germany since August 2021.
Biometrics is by no means a modern invention. In fact, in 14th century China, fingerprints are said to have been used to confirm the identity of merchants. Law enforcement has been using biometric data since the late 19th century. It is said that the Argentine police used fingerprints to solve a murder for the first time in 1892. Scotland Yard began using fingerprints for law enforcement in 1901. In 1905, biometric data were said to have been admissible as evidence in criminal proceedings for the first time.
Today a distinction is made between biometric processes and biometric systems: Biometric systems are combined hardware and software structures with which biometric identification or verification is possible. These systems work using biometric methods, which rely on unique features that can only be assigned to one person. Biometric systems aim to use automated measurements of specific features to distinguish certain people from others.
Authentication based on biometric features is practical – however, data protection advocates fear that privacy will be undermined: It would be too easy to collect personal data without the consent of users. Face recognition, for example, is in use in many large cities all over the world, at train stations, on trains, at airports, and so on.
All the data that comes together here must also be stored somewhere. This increases concerns about constant monitoring but also about data misuse. Databases with very personal information – biometric data – could become targets of hackers. Fingerprints, iris scans, and other biometric data could be misused for identity theft.
The risk with biometric databases is similar to that with password databases: If hackers break into the system, they can steal data that has not been adequately secured. However, while passwords can be changed to prevent cybercriminals from entering, biometric data cannot – they always stay the same.
Despite these dangers, biometrics offers effective solutions because the features are difficult to copy. Biometric data are an excellent addition to password-based login. The danger lies less with the biometrics itself than with the central storage of biometric data. Decentralized and encrypted storage under the sole control of the user is therefore preferable to a central data store.
Biometric methods are divided into physiological and behavioral characteristics. Concrete:
Behavior-based methods are at least as diverse as physiological characteristics. They depend on users actively doing something. Behavioral biometric solutions usually work together with artificial intelligence (AI) and evaluate how users interact with their devices: With what pressure do users touch their device’s screen? How do they hold their device during interactions? How frequently do they type or swipe on the screen? How do users connect with their environment? Because specific behavior can be expected, the question is: is the users’ behavior consistent with their previous behavior?
With the AI onboard, interactions, times and patterns can be recognized and evaluated. Further data such as the IP address, the geographical location, or the transaction history of the device used are used to estimate the probability. Hundreds of data points are analyzed around interactions to determine deviations from the expected behavior. If variations are then detected – for example, that the typing frequency is too fast or the pressure is too high – the systems sound the alarm.
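The deviation check described above can be sketched as follows. This is an added example, not code from the original post or from any product: it compares a new session against a user's earlier sessions on just two of the signals the text names (typing interval and touch pressure) using a robust z-score. The feature names, the threshold of 3.5, and all sample values are constructed assumptions.

```python
import statistics

# Features taken from the text; names and units are assumptions.
FEATURES = ("key_interval_ms", "touch_pressure")

# Constructed sample data: earlier sessions of one user (the baseline).
ENROLLED = [
    {"key_interval_ms": 182, "touch_pressure": 0.42},
    {"key_interval_ms": 175, "touch_pressure": 0.45},
    {"key_interval_ms": 190, "touch_pressure": 0.40},
    {"key_interval_ms": 168, "touch_pressure": 0.44},
    {"key_interval_ms": 185, "touch_pressure": 0.43},
    {"key_interval_ms": 178, "touch_pressure": 0.41},
    {"key_interval_ms": 172, "touch_pressure": 0.46},
]

def build_baseline(sessions):
    """Per-feature median and MAD (median absolute deviation).

    Median/MAD are used instead of mean/stddev so that one odd
    session in the history does not distort the expected behavior.
    """
    baseline = {}
    for feature in FEATURES:
        values = [s[feature] for s in sessions]
        med = statistics.median(values)
        mad = statistics.median([abs(v - med) for v in values])
        baseline[feature] = (med, mad)
    return baseline

def deviations(baseline, session, threshold=3.5):
    """Return {feature: robust z-score} for features outside the threshold.

    An empty dict means the session matches previous behavior.
    """
    flagged = {}
    for feature, (med, mad) in baseline.items():
        # 1.4826 scales MAD to be comparable with a standard deviation;
        # the fallback avoids division by zero for a constant history.
        scale = 1.4826 * mad or 1e-9
        z = (session[feature] - med) / scale
        if abs(z) > threshold:
            flagged[feature] = round(z, 1)
    return flagged

if __name__ == "__main__":
    base = build_baseline(ENROLLED)
    # Constructed sessions: one ordinary, one typed too fast with high pressure.
    print(deviations(base, {"key_interval_ms": 180, "touch_pressure": 0.44}))
    print(deviations(base, {"key_interval_ms": 60, "touch_pressure": 0.80}))
```

A negative score on `key_interval_ms` means shorter gaps between keystrokes, i.e. typing faster than this user normally does.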
Unfortunately, the advantages of using biometric data also come with certain risks. For biometric data to be used sensibly and securely, their use must be planned accordingly. One of the risks – as mentioned above – is storing biometric data centrally. Inadequately secured central databases with biometric data are a popular target for hackers. But caution is also required with decentralized storage: If biometric data is stored on an insecure device, this device, including the biometric data, can also become a target of attack.
If biometric data is to be used, it makes sense to use only compressed mathematical files, i.e., templates. These templates, which Lower Saxony’s data protection officer also campaigns for, are meant to avoid carrying the excess information contained in raw biometric data and thus to prevent data misuse.
The knowledge of those affected is also essential: if those affected do not know that biometric evaluation programs are in use, the risk that movement and behavior profiles are created increases.
Biometric processes have long since crept into our everyday lives: The smartphone is unlocked with a fingerprint. Access to certain areas at work is only available to authorized persons who can identify themselves with an iris or face scan. Due to their uniqueness, biometric data are the ideal complement to password-supported login procedures; in some cases, these classic login procedures are even being entirely replaced by biometric data.
But there are also dangers: Databases in which biometric data are inadequately secured become the target of hackers. While passwords can be reset, neither the iris nor the fingerprint can, so users face a real challenge once their data is compromised. However, with decentralized approaches, secured end devices, and other protective measures, biometric data are an excellent addition to conventional methods.