GlobalSign. Biometric Authentication: The Good, the Bad, and the Ugly
November 17, 2023 - 12 minutes readIt may not seem like it, but humans have been using some form of biometric authentication since ancient times. For example, handprints and fingerprints have been used to sign contracts or seal deals for centuries; these can rightly be considered very early prototypes of biometric authentication.
However, we have seen a boom in the use of more advanced biometric authentication technologies in recent years. From facial recognition technology that allows you to pass through national security borders to temperature and cybersecurity screening in a post-pandemic landscape, biometric authentication is used just about everywhere these days.
So what should we be aware of as the possible uses of biometric authentication technology expand? This article will look at what biometric authentication is and what it is used for. Then we will explore the benefits of this evolving technology and the challenges that will need to be addressed as the use of biometric authentication continues to grow.
What Is Biometric Authentication?
Biometric authentication is a method of using unique biological markers to verify or validate someone’s identity. Methods of biometric authentication can include:
- Fingerprint scanning
- Retinal scans
- Iris recognition scans
- Facial recognition screening
- Scent identification
- Voice recognition analysis
- Hand geometry analysis
- Finger vein scanning
- Thermodynamic biometrics matching
- Gait identification
- Keystroke matching
- DNA identification
- Ear shape analysis
- Signature confirmation
Some analysts categorize biometric authentication into two distinct groups. The first category of analysis and recognition includes biological markers, such as fingerprints, scent, or hand geometry. The second category includes behavioral dynamics, such as how someone signs their name or how they walk, as a form of biometric authentication.
How Does Biometric Authentication Work?
Biometric authentication works by first gathering biometric information from the person whose identity needs to be verified. For example, data can be gathered using a contactless camera that scans the person’s face to collect imagery or a fingerprint scanner that collects multiple views of the person’s fingerprints.
Once this initial image has been collected, it is translated into a unique string of numbers. That code is then sent to a vast database of stored number codes to see whether it matches the specific code already on file for that person. Since each biometric feature is extremely difficult to falsify, this unique code should be able to confirm and identify the individual securely.
What Is Biometric Authentication Used for?
In the broadest terms, biometric authentication is used for any situation where someone’s identity needs to be verified securely. The most common biometric data analysis and screening methods used for authentication purposes are fingerprint scanning, facial recognition screening, vocal recognition, and finger vein or palm pattern matching.
Biometric authentication is used by large-scale organizations, including government agencies and global financial institutions. Airports now use facial recognition technology and fingerprint analysis as part of regular security screening operations at international borders. Shopping malls collect biometric information to monitor entrances and exits and track pedestrian activity.
Organizations can use biometric authentication to secure access to restricted documents, making it an invaluable tool for in-house HR departments. Individuals use biometric authentication to access personal accounts, including logging into laptops and smartphones, verifying identity for specific apps, and confirming payments on Apple Pay for iOs users.
Individuals can also use biometric authentication to access financial and crypto accounts, enabling them to access their crypto funds without lengthy passwords. For example, many people use liquid staking to lock their crypto holdings on a proof-of-stake network (such as Ethereum) while still earning rewards on their holdings. The holdings can be secured and only accessed by the depositor via biometric authentication.
Some applications also use biometric authentication to validate user identities. Online dating apps, in particular, use this technology to keep digital romances secure. During the global coronavirus pandemic, biometric data collection became an essential part of monitoring health information and helping to contain the spread of the virus. Biometric data collection, including information about body temperature and health statistics, continues to be used by many public institutions today, especially in the healthcare sector.
The Benefits of Biometric Authentication
Biometric authentication provides several compelling benefits for individuals and organizations alike. The primary reason to use it is the boost in security biometric authentication provides. Since specific biometric characteristics are extremely hard to falsify, biometric authentication can greatly reduce the risk of identity theft or fraud.
In addition, individuals no longer need to create, maintain, and remember lengthy passwords for each separate account and access point. You carry your face and fingerprints with you wherever you go, making identity verification much smoother. You can lose a pair of keys, but except in very extreme circumstances, you will not lose your fingerprints, so your authentication will be secure no matter where you are.
Most biometric authentication processes are simple and intuitive. They do not require users to create an account with specific login details that they must enter each time or provide a particular access code to gain entry to a restricted space. Individuals simply follow instructions, look into a camera or press their palms on a scanner, and then walk through the gate that automatically opens.
Similarly, with laptops and smartphones that use fingerprint authentication, users simply scan their fingerprints, and the account opens for them. When it works correctly, the process is seamless and efficient and saves time.
The Challenges Facing Biometric Authentication
While biometric authentication has grown in popularity in recent years, the field faces many challenges that will need to be addressed as the technology continues to develop.
Implicit Biases
Many human rights advocates have identified that some biometric authentication methods contain troubling and deeply problematic implicit biases. Since facial recognition technology draws from existing data sets that may contain built-in racism or gender bias, the technology reflects these issues. The datasets tend to display images that are 77% male and 83% white, which is a gross misrepresentation of the general demographics of any country.
Transgender and gender non-binary individuals may be miscategorized by physiological identification tools. And there have been a disturbing number of incidents where facial recognition scanners have not recognized Asian or African American individuals or have identified them incorrectly.
In the UK, for example, Uber has implemented a policy that uses facial recognition software to identify its drivers. All Uber drivers already have to go through security and verification processes, but because of this policy, Transport for London (TFL) has revoked drivers’ licenses over negative recognition results, which have come about because these drivers have brown skin.
Privacy Concerns
Many security watchdogs have raised serious concerns over the vast amounts of data collected without consent by government agencies and public institutions as part of biometric authentication processes. Many argue that individuals should maintain the right to privacy over their image and should not have to submit to providing their facial features or other biometric details to be stored in government databases.
Security presents another facet of concern. These huge storehouses of biometric information provide enticing targets for bad actors interested in wreaking havoc on a large scale. If hackers can gain access to biometric data storehouses, they could easily disrupt confidential security systems and enact widespread campaigns of fraud and identity theft. Encryption methods are used to prevent this type of attack, but there are still widespread concerns over the security of so much sensitive biometric data.
Physical Alterations
If only one type of biometric authentication is used for providing access to specific apps, devices, documents, or locations, then individuals run the risk of losing access to these restricted spaces if something happens to alter their physical characteristics. Individuals who are in an accident that changes their facial features may no longer be recognized by the biometric database analysts, which could result in them being locked out of their accounts.
Similarly, if a person suffers severe burns on their hands, their fingerprints may no longer be readable to the scanners, leaving them without recourse to access their accounts. For this reason, a combination of authentication factors is key for any secure account.
Final Thoughts
While biometric authentication creates a simple, straightforward, highly secure approach to identity verification, it still faces many challenges. As the technology continues to develop, and as organizations at every level continue to embrace this method of user validation, there are certainly challenges that will need to be addressed.
Developers will need to make some changes to ensure that implicit biases are erased from the system, creating a more inclusive dataset that will not result in the miscategorization of dark-skinned or transgender people. Governments – or human rights protection agencies – will need to create policies to regulate what kind of information is collected by who and ensure that individuals have the right to give or revoke consent over the collection of their biometric information.
But with these regulations and the evolution of technology, we can expect to see biometric authentication methods expanding into ever more aspects of our everyday lives.
Source: GlobalSign
Powered by WPeMatico