In this article:
As hackers and identity thieves have gotten more sophisticated in their practices, a password alone may not be enough to keep all our personal information completely secure. Enter biometrics—a new way of verifying your identity that uses physical and behavioral traits, not easily hackable passwords.
A step beyond two-factor authorization—which uses a password and secondary confirmation—biometric authorization uses things like fingerprints, facial recognition or voice recognition to verify your identity. This technology is used in highly secure facilities and, recently, has become more a part of our lives via the laptops and smartphones we use every day.
As the risks of cyberattack and identity theft don't seem to be going away, it's important to know what technologies are available to protect ourselves, and our data, the best we can. Read on to learn more about biometrics and how it can help.
How Does Biometric Verification Work?
With biometrics—you are the password. And if you have a newer iPhone or Android device, you already have first-hand experience with this technology if you use your fingerprint or face to unlock your device.
In order to use biometrics to verify your identity, you need to first register or store an input that can't be replicated without your presence such as a fingerprint or a scan of your face. When you access the system later, you'll provide the same input and it'll be compared against what's stored.
There are two main categories of biometric inputs, physical and behavioral:
- Physical biometric inputs include things like fingerprints, facial patterns, handprints and eye patterns. Depending on the biometric device used, one or more of those features are scanned and checked against your profile to verify that it's you.
- Behavioral biometric inputs may be your voice, location and typing patterns, and may be deployed on their own or in addition to physical inputs. When accessing a system that uses behavioral biometrics, you may be prompted to say something out loud so it can verify your voice. Other behavior, like the way you type, could also be used to verify your identity on some devices.
For most biometric systems, there are three components that process the biometric input:
- Sensor. A sensor is what reads your biometric input, whether it's behavioral or physical.
- Computer. The computer in this case is the system that stores the data your input will be compared against when verifying your identity.
- Software. The software helps to process this whole transaction, acting as the intermediary between the sensor and the computer. The software will do the thinking, processing your biometric input, looking for the matching profile and approving or denying the authorization.
That all comes together in practice like this in a system that uses fingerprint biometrics: The sensor is the part you'll touch so your fingerprint can be captured and sent to the computer. The computer will then use software to verify your fingerprint against verified fingerprints in a database and decide to grant you access based on whether it finds a match.
Strengths and Advantages of Biometrics
The main advantage of using biometric authentication is simple: it's much harder for a fraudster to fool a system that uses your unique physical characteristic to verify your identity. Even if you create complex passwords and change them frequently, it only takes one data breach for your password to slip into the wrong hands. By using biometric authorization, you're putting up another barrier to keep others out of your account.
Another advantage of using biometrics for security is that it lends itself well to fast-paced secure environments. Since biometrics can be used with a quick touch or glance at a camera, it enables a high level of security, with a low amount of time or effort required.
Where You Might Find Biometric Features
As any fan of police procedurals knows, using a fingerprint or other physical characteristic to verify an identity is nothing new, but its presence as a security feature in consumer and professional electronics has taken off in recent years.
Newer iPhones and Android cellphones use fingerprint and face identification features as a replacement for passwords. Workers in factories, plants and some offices may have encountered fingerprint authorization being used on the time clocks they use to punch in and out. If you've flown recently, you may have noticed Clear kiosks, which use biometric technology to get you through airport security lines more quickly by verifying your identity using face and fingerprint scanners.
As more companies step up to improve the privacy of user data, and as more consumers become aware of security risks they help prevent, biometric technologies look like they will become increasingly prevalent. In 2017, a study showed that fingerprint scanning was the most popular form of biometric authorization, followed by facial recognition. Voice recognition is popular for applications that involve remote authorization, like verifying your account details over the phone with your bank.
The Risks of Biometrics
Though biometric technology is meant to provide increased security, there are still a few things to be aware of. Here are some of the main risks to look out for when using biometric verification:
- It's not foolproof. A fraudster could theoretically obtain a copy of your fingerprints or a high resolution picture of you and use it to fool a biometric device. This would be difficult to do, but is still a possibility.
- It requires high security standards. While biometric technology might keep your information within an account more secure (think of the data on your phone or computer) the storage of the biometric data itself needs to be secure too. Since biometric information is unique and can't be changed, it's important that the companies storing this data employ extra security to make sure it's protected. A hacker obtaining your fingerprint data can have deeper implications over a password you can easily change.
- There can be legal limitations. Finally, firms that use biometric technology for employee tracking—like those that have biometric attendance time clocks—need to be aware that certain states have legal guidance for how biometric data can be collected. Illinois, through the Biometric Information Privacy Act, was one of the first states to enact comprehensive regulation of biometric information, and requires that companies obtain written consent before collecting biometric data and clearly disclose how they plan to use the data collected.
How to Protect Biometric Data From Theft
While biometrics can go a long way to protect your personal information, you still need to be vigilant when using this technology. Hackers are always looking for ways to obtain your sensitive information, so no matter how secure or innovative a technology, it's always good to stay on your toes.
Here are a few tips to stay secure when using biometrics:
- Keep your software updated. If you use biometric verification on one of your devices, make sure to always keep your software up to date. Software may be continually updated not only to add new features but to address bugs or security vulnerabilities. While you may not know those bugs existed, hackers do, and a recently released update may have already fixed them. Keeping your software up to date can help protect your device from being compromised.
- Always be aware of who is collecting your biometric data. No matter how you are using biometrics, you'll always want to know who is storing this information. As with any personal data, you'll want your biometric data to be stored safely and securely.
- Opt out if you don't want to use biometrics. If you're concerned by how your biometric data may be used, you may be able to avoid it entirely by opting for another identity verification method. Apple, for example, allows users to easily opt out of its Face ID facial scan biometrics feature and instead use a conventional password. This may not be an option with everything, but it doesn't hurt to check.
As always, if you're worried about protecting your personal information, consider enrolling in Experian's identity theft monitoring, which scans the web and alerts you if it finds that your information has been compromised.