Nowadays, Traditional passwords are a weak point as according to Kaspersky, data leaks happen quite often. More and more have companies decide to change their approach by adopting biometrics. However, no one is immune to identity theft and there already have been several actual cases of losing biometric data.
To raise awareness on the topic and show that such data requires strong security regulations, here are four dangers of unsecured biometric data:
- Stranger-danger – In order to set face or touch recognition, the system usually requires one sample of a finger or a face. Hence, it is possible for a user to fail authorisation due to lighting conditions or such changes in their appearance as glasses, beards, make-up or aging. On the contrary, it allows cybercriminals to steal this sample and use it according to their malicious aims.
- A password for a lifetime – It is not a problem to change a password consisting of numbers and letters, but once you lose your biometric data you lose it forever. The problem with touch recognition can partially be solved by leaving only 2-4 fingerprints, leaving others for emergency cases, but it is still not safe enough.
- A digital locker – Existing digital lockers rely on cloud-based help – biometric matching usually happens on the server-side. If successful, the server provides the decryption key to the client. That increases the risk of a massive data leak – a server hack might lead to the compromising of biometric data.
- Biometrics in real life – There are two cases when an ordinary person can encounter biometric authentication. Firstly, banks try to adopt palm scans on ATMs as well as voice authentication on phone-based service desks. Secondly, individual electronic devices use touch and face recognition. However, biometric security is not yet fully developed and there are such constraints as CPU power, sensor price and physical dimensions, so some users have to sacrifice system robustness – some devices can be fooled by a wet paper with fingerprints generated using an ordinary printer or gelatin cast.
To secure biometric data, businesses should employ stringent security measures against breaches of traditional logins as for biometric identification technology in general, for now, it should be used as a secondary protection method that complements other security measures, but does not replace them completely.
Edited by Jenna Cook
Follow Jenna Cook on Twitter
Follow IT News Africa on Twitter