With nearly eight billion people on the planet — and more than half of them on internet — verifying who’s who is one of the great technological challenges of our time. To meet this challenge, Biometric security is rising to the occasion, buoyed by technological advancements and user-friendly experiences.
Modern biometrics can seem like science fiction, but the concept is far from new. Sir Francis Galton, cousin of the famous Charles Darwin, used an analysis of over 8,000 fingerprint samples to publish what would become the first fingerprint classification system in history.
Building on the work of Sir Francis Galton, the Metropolitan Police of London used shapes like whorls and loops identify individuals based on fingerprint patterns at the beginning of the 20th century. The resulting Henry Classification System is so effective, it’s still the foundation for the most common form of biometrics used around the world today – the Automated Fingerprint Identification System (AFIS).
Today’s infographic, from Computer Science Zone, covers biometric security from a number of angles, from current use cases to the ways people are outsmarting existing security measures.
Biometric Security 101
There are three possible ways of proving one’s identity:
- Using something you possess (e.g. keys, badge, documentation)
- Using something you know (e.g. password, code, security question)
- Using an intrinsic identifying feature (e.g. fingerprint, face)
Biometrics are an example of the third type, using biological measurements to identify individuals. Typically, these measurements are derived from physical characteristics, such as irises, fingerprints, facial features, or even a person’s voice.
When used in a security application, biometrics are theoretically more secure than traditional passwords since detailed physical characteristics are unique to each person.
By now, we’re all well aware that solely using text passwords leaves our information at risk. Even in 2019, the top passwords are still “123456” and “password”.
Passwords are still the default method of accessing accounts though, so a process called two-factor authentication was introduced to add a new layer of security. The most common type of two-factor authentication involves sending an email or text message to help ensure that only the rightful owner of an account can log in.
Increasingly though, biometric security measures are replacing one or both of those steps. Apple’s introduction of a fingerprint scanner in the iPhone 5S was a high-profile example of biometrics moving into widely available consumer products. Today, every new smartphone on the market has some sort of biometric feature.
The Internet of Faces
Today, the majority of consumers are now comfortable with using fingerprint recognition to access their device, but they’re still skeptical about facial recognition — only 14% of people prefer using that method to access their device.
Soon, however, they may not have a choice. Consumer technology is bullish on facial recognition, and government entities are happy to come along for the ride. Correctly and efficiently identifying citizens has always proved a struggle for law enforcement, border control, airport security, and other highly regulated systems, so facial recognition is a very appealing option to quickly and cheaply identify people at scale.
One real world example is the Schengen Entry-Exit System, which will use a mix of fingerprint and facial recognition to alleviate security bottlenecks at European airports.
In China, a new rule that went into effect across the country making the submission of facial recognition scans a prerequisite for registering a new SIM card — just one of the ways China is populating its biometric database.
Of course, the trade-off is a loss of privacy as that technology spills over from airport security into public spaces.
According to a recent study, facial recognition accuracy jumped 20x between 2013 and 2018. Just 0.2% of searches, in a database of of over 26 million photos, failed to match the correct image.
Peering into the Digital Reflection
Another aspect of biometric security looks beyond physical features, and instead relies on changes in behavioral patterns to detect fraud or unauthorized access.
Money laundering and fraud cost the global economy upwards of $2 trillion per year, so financial institutions in particular have a big incentive to invest in early fraud detection. To this end, behavioral biometrics is proving to be an effective way of detecting suspicious login attempts earlier and flagging transfers that deviate from expected patterns.
Biometric security in consumer products is still in its early stages, so the technology is far from bulletproof. There have been several examples of fooling systems, from fingerprint cloning to using masks to unlock devices. As with any security measure, there will continue to an arms race between companies and hackers looking to slip past defenses.
Another issue raised by increasing biometric use is in the realm of privacy. Critics of biometrics point out that iris scans and FaceID don’t enjoy the same protection from law enforcement as a traditional password. Because a defendant would have to say something, text passwords fall under the protection of the Fifth Amendment, while biometric locks do not. This is a debate that will continue to rage on as consumer products continue to implement biometrics.
In the meantime, our physical attributes will increasingly become our key to the digital world.