Identity verification through a fingerprint or face scan has become familiar to many users. Most already use biometric authentication to unlock a phone, open a door and start a car or manage their bank account. In addition, some devices can also recognize voice, as well as monitor sleep patterns, heart rate and breathing.
In such circumstances, the question arises of how secure this type of personal identification is. To understand, ESET looked at the different types of biometric authentication, as well as the advantages and disadvantages of using each of them.
What are the most common types of biometric authentication?
1. Fingerprint scanning
Many countries use fingerprints when issuing ID-cards and passports of citizens, as well as for tourist visas. In addition, government agencies have long used biometric data to identify intruders and solve crimes. Although this technology has been used for a long time, it gained its greatest popularity after the release of a new Apple smartphone with this feature in 2013.
However, now fingerprint sensors are actively used on Android phones. Different brands have different approaches to their models. Sensors can use light to create images on a print, or ultrasound by reflecting a pulse of inaudible sound from a finger.
Although fingerprint recognition is a reasonably secure authentication method, it all depends on the reliability of the device you are using. When it comes to data protection, most major manufacturers such as Apple, Google or Samsung store the user’s fingerprint locally and not online.
Thus, when you use your fingerprint to sign in to a service or account on your phone, the program will only receive the digital key, not your biometric data.
2. Face recognition
What recently seemed like science fiction has now become another common method of identity verification. Now the facial features of a person are enough to open the door, unlock the smartphone, confirm payments and gain access to all accounts in various applications. Face recognition technology can work in many ways: simple image comparison, video sequences, 3D data, or image composition across multiple cameras.
The simplest systems, usually found in cheaper phones, can compare your face to a pre-stored image. Other systems use indicators such as the distance between the eyes, the size from the forehead to the chin, or the shape of the contours of the lips. At the same time, this technology also does not always work flawlessly.
In addition, the possibility of its use for malicious purposes is not ruled out. Although it is up to each user to decide whether to choose a biometric authentication method on their phone, we are not in a position to control security cameras in public places.
3. Voice recognition
“Hey Google” or “Hey Siri” are simple commands that you can use to interact with your phone’s voice assistant. It is they who represent voice recognition systems that respond only to specific voice commands.
When setting up your phone, you need to say a few sentences aloud to allow the algorithm to learn your voice characteristics. The more you talk to a virtual assistant like Google, Siri, or Alexa, the better it will recognize your voice.
What are the data security risks?
Biometric authentication is convenient, but this identity verification method also creates new privacy and security challenges. While this technology can replace the need to create long and complex passwords, it also poses a risk of identity theft.
In particular, hackers can access and sell information to attackers who can, for example, create forms of your fingerprints and use them to access your home or devices without your knowledge or consent.
Devices like fitness trackers and smartwatches are increasingly aware of your heart rate, sleep patterns, breathing rate and other physical data. In the near future, even such biometric data may be enough to identify the user. Although these technologies have different options for the future, you should take care of your own security and privacy today.
In particular, you can protect your smartphone from various Internet threats using a program that can protect data on the device, as well as take care of the safety of your money when making online payments.
ESET is an expert in the field of protection against cybercrime and digital threats, an international developer of IT security solutions, a leading provider of threat detection technologies. Founded in 1992, ESET today has an extensive partner network and offices in more than 180 countries around the world. The head office of the company is located in Bratislava, Slovakia.