Now more than ever, biometrics are emerging as part of a broader trend to improve security and thwart cyberattacks through more resilient authentication mechanisms. Not only is the world facing ever more cyberthreats across devices and systems, the global coronavirus pandemic is also shifting how consumers and businesses think about digital and physical risk exposure.
Biometrics have clear advantages from a security perspective, particularly when combined with multiple other factors, such as PINs or security questions. Biometrics are difficult to hack, are challenging for bad actors to replicate, are literally always on us and offer far less friction for end users. From automotive and e-learning to logistics and telehealth, companies across various sectors are increasingly considering biometric interfaces to improve security, safety and experience.
Yet, despite the benefits of biometrics, there are several privacy and security challenges and concerns that enterprises must evaluate in their due diligence.
Technical challenges of biometrics
1. If compromised or stolen, biometrics are irrevocable for life. Given the unique variations of an individual’s biometrics, indeed the most personally identifiable factor, they are extremely difficult to hack, requiring unique data to replicate, significant computation and esoteric tools. But the dark side to this coin is that, if these data points are compromised, the damage is double: first, stolen identity credentials can be used for all manner of theft, falsification and incrimination; and second, a person’s biometrics are impossible to replace.
2. Biometrics can be expensive to implement at scale. Implementing biometrics at a scale capable of supporting multiple locations, devices or people is costly. The hardware, software, interoperability and cloud services required for AI-powered biometric authentication, such as facial or voice authentication, are not insignificant investments, not to mention the costs of the training, communications and security resources to support it.
3. Security tradeoffs. While biometric authentication has certain security advantages, it also begets additional security implications elsewhere in the security landscape. Scanners are but one node; data, server and network penetrations represent another set of vectors, as do ever-evolving fraud and spoofing techniques — not to mention nefarious use of AI capabilities to simulate, compromise or socially engineer. Further, given its lucrative sale on the dark web, biometric data represents one of several proverbial cat-and-mouse games between cybersecurity hackers and defenders.
4. Inaccuracy, bias and false positives. As with any technology, the risks of inaccuracy are another consideration. Biometric recognition has its own set of machine mistakes, including bias in the training data, denial of entry due to erroneous scanning, compromise of the biometric (a cut finger, for instance), backup fail-safe standards, false positives and negatives, and more.