Accessing Safety in the Age of Biometrics


Whether at the bank, in line at an amusement park or simply unlocking your smartphone, many of us have used our fingerprints or even our faces to prove who we are.

But while that process, known as biometrics, becomes more common, is it safer?

“Biometrics are inherently secure due to the uniqueness of what is being presented as your original identification, such as a fingerprint,” said Dr. Wendi Kappers, who chairs Embry-Riddle Worldwide’s Information Security & Assurance program. “However, with all security, the problem becomes its storage, where the data is kept, and how it is managed.”

It’s that issue that leads Mike Peterson, an information security analyst at Embry-Riddle Aeronautical University, to be leery of the growing use of the method.

“I often hear that biometrics will replace passwords as an authentication solution that will ease the burden on users; however, I don’t think this will or should be the case,” said Peterson.

Biometrics, Peterson says, differs from passwords in the sense that it falls under the category of something you are, rather than something you know or have. The biggest difference is that while a password can be changed, a biometric signature cannot. This can serve as both a positive and negative attribute.

In 2014, more than 22 million people had sensitive information stolen in two major breaches of U.S. government databases maintained by the Office of Personnel Management. According to U.S. officials, the breach ranks among the most damaging cyber heists in history primarily due to the detail in the files, some of which included fingerprints -- including Peterson’s.

“I consider my fingerprint a secure enough authentication mechanism for something that is always on my person, such as my phone,” said Peterson. “In light of that breach, however, I will never feel comfortable using it as an authentication mechanism for an internet-facing service, especially one that may be targeted by foreign adversaries that have access to OPM data.”

Kappers says that in order to fully protect ourselves in this area, a few steps will need to be taken.

“We need global collaboration, not just a database for each country but one that is unified and updated by all,” she said. “We also need to add layers of protection and encryption. Think Harry Potter and the multi-level vault protection at Gringotts.”

But while most of the biometric focus has been on the fingerprint, there has been a great deal of advancement on other fronts as well.

Using a special camera, Windows Hello uses facial recognition to confirm your identity. As with Apple’s Touch ID, the biometric data itself never leaves the device and is stored securely, making it difficult for outside applications to access.

With the camera enabled, you log in simply by sitting in front of your machine. And while some facial recognition software has been known to be tricked simply by a photograph, Windows Hello can be set so that you’re also required to turn your head to the left and right to confirm it’s really you.

But looking even further into the future, Peterson says that biometrics are moving in a direction that is less about who we are and more about how we act.

“There’s a lot of research going on with regard to people’s behaviors,” he explained. “For example, everyone types a little differently; thus, by measuring the way someone types, you can uniquely identify that individual.”

This method, called behavioral biometrics, has a lot of possibilities for authentication. One interesting technique drops some of the new-school thinking and goes back to the basic written signature. But now, thanks to modern technology and the fact that exact handwriting style is specific to the individual, it’s possible to analyze the way you sign your name based on things like speed, style and where you begin on the screen.

But biometrics, like any other security method, will never be a perfect system; standards will continue to evolve as more institutions adopt the technology, making biometrics truly the future of cybersecurity.

“No one can predict the future, but it will take everyone to find a solution,” said Kappers. “Artificial intelligence is on the rise, cybersecurity is all the buzz, terrorism seems to be everywhere, and while only humans can find a solution, the answer will be built on technology.”
