{"id":28958,"date":"2019-10-16T04:33:07","date_gmt":"2019-10-16T08:33:07","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&#038;p=28958"},"modified":"2022-03-17T06:52:48","modified_gmt":"2022-03-17T10:52:48","slug":"body-recognition-privacy","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/body-recognition-privacy\/28958\/","title":{"rendered":"The good, the bad and the ugly of biometric authentication technology"},"content":{"rendered":"<p>Imagine never having to manually log in again or remember the credentials for a hundred different online accounts. Or, you turn up at work and get back home without having to unlock a single door. Perhaps you need to pay a visit to the local pharmacy and pick up a prescription, but instead of having to wait in line, it\u2019s discreetly deposited in front of you without needing to talk to anyone.<\/p>\n<p>Now imagine walking into a store and being greeted by a disembodied voice that doesn\u2019t only know your name, but also the sort of things you like to buy. Things are starting to sound a little disturbing, even if we\u2019re already well-accustomed to personalized advertising on the internet. But it gets worse \u2013 imagine being flagged as a criminal until the police figure out your arrest was due to a <a href=\"https:\/\/www.theguardian.com\/uk-news\/2018\/may\/05\/welsh-police-wrongly-identify-thousands-as-potential-criminals\" target=\"_blank\" rel=\"noopener nofollow\">92 percent margin of error<\/a>.<\/p>\n<p>Biometric identification no longer belongs to the realms of science fiction. It\u2019s part of the technologies that are defining the future of cybersecurity and wider crime prevention tactics. Already, fingerprint scanners are standard on mid- to high-end smartphones. That\u2019s the good side. 
As for the bad side: things like face, fingerprint, iris and voice recognition can also be considered tools of state authority; an all-out assault on personal privacy. But whether we like it or not, biometrics are here to stay, so we may as well make it useful in protecting sensitive personal or business information.<\/p>\n<h2>The good: simplifying and securing access to digital systems<\/h2>\n<p>There\u2019s an average of <a href=\"https:\/\/blog.dashlane.com\/infographic-online-overload-its-worse-than-you-thought\/\" target=\"_blank\" rel=\"noopener nofollow\">130 accounts associated with every email address<\/a>. That\u2019s a whole lot of usernames and passwords to remember. It\u2019s hardly any wonder that so many people reuse the same passwords for most, if not all, of their online accounts. To make matters worse, a lot of people also favor simple, easily memorable passwords, such as names of pets or children. Not only are these relatively easy to guess \u2013 a brute-force hacking program can usually find them in mere seconds. Then, there\u2019s the constant threat of social engineering attacks, where criminals attempt to dupe victims into giving away their login credentials over email or through a malicious website masquerading as one belonging to a legitimate organization.<\/p>\n<p>We have a password problem, and compromising on digital security is not an option, especially for businesses, which routinely handle sensitive information belonging to themselves and their customers. Instead, they\u2019re increasingly turning to multifactor authentication (MFA) to add another layer of security that\u2019s far harder to compromise. Chances are, you\u2019ve already used it for things like online banking, or whenever you log into your email from an unrecognized device. Even after you\u2019ve entered your password, the system will ask you to verify your identity with a one-time security token, such as a code sent by SMS or a disconnected token generator. 
But there\u2019s another method that\u2019s rapidly gaining ground \u2013 biometric identification.<\/p>\n<p>Many high-end smartphones and business-grade laptops already feature fingerprint scanners, and facial recognition apps are an emerging technology that\u2019s steadily making its way into the consumer market too. Other less common biometric factors include irises, palm veins and prints, retinas and even DNA. What makes biometrics different from other authentication methods is that they\u2019re inherent to the user, which means they can\u2019t be compromised by your average social engineering scam. It\u2019s also much more efficient to look at a camera instead of manually entering login information or risk saving it on a potentially unsecured device.<\/p>\n<h2>The bad: there\u2019s no such thing as a fool-proof system<\/h2>\n<p>Biometric identification is highly effective because we all have distinct biological characteristics which can\u2019t easily be faked or exploited \u2013 although there are exceptions, such <a href=\"https:\/\/www.nytimes.com\/2019\/03\/01\/science\/twins-dna-crime-paternity.html\" target=\"_blank\" rel=\"noopener nofollow\">as criminal cases featuring identical twins<\/a>. Actually, that\u2019s something of a myth \u2013 while biometrics may seem secure on the surface, that doesn\u2019t make them foolproof. While a password is something that only its owner knows, your biological traits, for the most part, are very much public. You leave your fingerprints everywhere you go, your voice can be recorded and your face is probably stored in hundreds of places, ranging from social media to law enforcement databases. 
If those databases are compromised, a hacker could gain access to your biometric data.<br>\n<img decoding=\"async\" class=\"aligncenter size-large wp-image-28960\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/10\/16042347\/M062-Inline.body_recognition_privacy-1024x768.jpg\" alt=\"body recognition\" width=\"1024\" height=\"768\"><br>\nThere\u2019s no such thing as a system that\u2019s 100 percent secure, and there never will be. Any kind of digital data can be hacked and misappropriated. And, contrary to popular belief, it can even be <u>faked<\/u>. Just a day after the release of the iPhone 5, which featured the TouchID fingerprint scanner, a <a href=\"https:\/\/www.ccc.de\/en\/updates\/2013\/ccc-breaks-apple-touchid\" target=\"_blank\" rel=\"noopener nofollow\">German hacking group<\/a> managed to create a fake finger to unlock the devices. Sure, the technology has improved in the past seven years since that happened, but there\u2019s a big difference between improvement and perfection. Five years later, the same hacking group managed to crack the iris recognition in the Samsung S8 simply by placing a contact lens over a high-definition photo of an eye.<\/p>\n<h2>The ugly: If you\u2019re hacked, there\u2019s no going back<\/h2>\n<p>The fact that biometric data can be hacked can have far wider consequences, some of which are extremely worrying from both a security and privacy standpoint. If your password is stolen, then you can usually just reset it and choose a new one. If a hacker has a photo of your iris, you can\u2019t replace your eye \u2013 unless of course, you\u2019re Tom Cruise\u2019s character John Anderton in Minority Report, where he has an <a href=\"https:\/\/www.syfy.com\/syfywire\/chosen-one-of-the-day-tom-cruises-eyeballs-in-minority-report\" target=\"_blank\" rel=\"noopener nofollow\">eye transplant to hide his true identity<\/a>. 
Now, while hackers usually prefer less conspicuous methods than stealing body parts to access secure systems, it\u2019s a fact that biometrics can be abused and, once they are, there\u2019s no going back.<\/p>\n<p>Although biometric technologies are getting better all the time, there will always be a margin of error, which presents concerns for both security and privacy. The security concern is that, like any other identification method, biometric identification isn\u2019t perfect and never will be. From a privacy perspective, you could be misidentified as a criminal, and there\u2019s a good chance you\u2019ll remain in the system long after the misunderstanding has been resolved. Another issue is that, since they\u2019re created by people, biometric recognition systems are innately biased. Most facial recognition systems, for example, are primarily trained with images of white males, which results in <a href=\"https:\/\/www.cnet.com\/news\/why-facial-recognitions-racial-bias-problem-is-so-hard-to-crack\/\" target=\"_blank\" rel=\"noopener nofollow\">higher margins of error for women and people of color<\/a>.<\/p>\n<p>This uglier side to biometrics presents serious challenges for businesses, since they need to store biometric data as securely as possible. If the system is hacked, those affected will face an increased risk of hacking for the rest of their lives. In other words, they\u2019ll never be able to rely on biometric security again. This gives businesses, as well as governments and other organizations which rely on biometrics, enormous ethical and financial responsibilities. That\u2019s why it\u2019s important to consider where the biometric data is stored and to give its owners control over how it\u2019s used.<\/p>\n<h2>A secure future without compromising privacy<\/h2>\n<p>There\u2019s a line between security and privacy that shouldn\u2019t be crossed. The biggest challenge lies in figuring out exactly where this line is. 
Government-mandated regulations for the storage and use of biometric data are already being developed to protect personal privacy and security. For example, the Supreme Court of Illinois, US, recently ruled unanimously that employees should retain the <a href=\"https:\/\/www.eff.org\/deeplinks\/2019\/01\/victory-illinois-supreme-court-protects-biometric-privacy\" target=\"_blank\" rel=\"noopener nofollow\">right to know how their biometric data is collected and used<\/a>, and that companies should only do so with opt-in consent.<\/p>\n<p>That biometrics are, for the most part, immutable, is both its biggest advantage and worst drawback. While it potentially provides an effective additional layer of security, it can also be a single point of failure \u2013 with potentially disastrous consequences. There\u2019s no denying it offers convenience and a high level of security, but it also paves the way for oppressive regimes and technology companies alike to infiltrate yet another aspect of our personal lives. With privacy being the concern of the century, businesses must be mindful about which technologies they choose to adopt and how.<\/p>\n<p><em>This article represents the personal opinion of the author.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Biometrics provide a quick and reliable way to identify and authenticate people by their unique physical characteristics. But does it help fight threats like cybercrime, and what does it mean for privacy? 
<\/p>\n","protected":false},"author":2703,"featured_media":28959,"template":"","coauthors":[4311],"class_list":{"0":"post-28958","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-data-and-privacy","7":"emagazine-category-emerging-tech","8":"emagazine-category-trends","9":"emagazine-tag-biometrics","10":"emagazine-tag-privacy"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/body-recognition-privacy\/28958\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/body-recognition-privacy\/21928\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/28958","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2703"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/28959"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=28958"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=28958"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}