By Lloyd Kenney
You’re probably familiar with the term “Biometric Identification”. Biometrics may be unique, but when installed on a computer, the information is still a string of numbers, it’s digitized. Physical identifiers include Fingerprints, Facial Recognition, Iris and Retinal Scans (Photo and Video), Hand Geometry, Palm Vein, Ear, Voice, Signature, and DNA. Note that a $1000 scanner is now available to do a DNA match in minutes.
The article, “Biometric Identification and Identity Theft”, by Jake Stroup at “The Balance” states that when the information is stored on a computer or a database system, whether it’s a credit card number or a digital voice print. A hacker can still steal such data from a computer or network.
“As far as security is concerned, many experts agree that maintaining a “token” form of identification is probably superior. Token identification is a card, password, personal identification number (PIN), etc. It is something that can be canceled or changed if it is lost, misplaced, or stolen. On the other hand, biometric identification can’t be lost, misplaced, or loaned to a friend, but it also can’t be replaced if it’s compromised either. This reality, combined with certain privacy issues (tracking, profiling, consumer-related privacy issues, etc.), is making experts give serious consideration to whether biometrics are a viable option on a large scale.”
Biometric Identification, while appearing to be a more secure system, also has its limitations since once added to a computer database it becomes digitized just like a credit card or Social Security /Social Insurance Number.
Stroup also points out that a smile can distort facial features – the reason why we’re told not to smile and show teeth in a driver’s license or passport photo. “But the biggest consideration is that a biometric identity system is only going to be as good as the information that’s put into it in the first place. In other words, your fingerprint won’t tell anyone who you are, all it can do is keep you from using somebody else’s identity once you are in the system. Identity theft expert John Sileo said, “If we implement biometrics without doing our due diligence on protecting the identity, we are doomed to repeat history – and our thumbprint will become just another Social Security /Insurance Number.”
The message is simple – Biometric Identification has some benefits, but don’t let it give you a false sense of security. Biometrics are the physical and behavioral characteristics of an individual, which can be used to digitally identify a person to provide access to various data, devices, and systems. It’s part of your identity.
Behavioral identifiers, although limited to fixed characteristics, may be open to imagination. These identifiers are often used to distinguish a human from a robot. Examples include Typing Patterns, Physical Movements, Navigation Patterns (think a mouse or touch screen movements, which are easy to detect with software), and Engagement Patterns. That last item can be as simple as how we hold our phones, how often we check social media, or how we navigate websites. These can be used in combination with other authentication methods, but as technology improves, may become standalone security measures.
Biometric identifiers are becoming increasingly popular and biometrics as an industry is expected to have a value of $68.8 billion by 2025. However, their use has some concerns and limitations.
Remember also that when such identifiers are moved or stored digitally, they are done so with a series of 1s and 0s, the place where hackers could step in. Bianca Soare at Heimdal Security puts it this way,” However, biometric authentication does carry with it quite a few security challenges and the main reason is obvious: once a biometric characteristic becomes compromised, it can’t be substituted. For malicious hackers, biometrics and other personal data contained within digital identification and access control systems can be easy prey. And while biometrics are indispensable to a cybersecurity profile, from a privacy perspective, the sensitive details an account holds might well become a nuisance.”
A recent data breach compromised approximately 184,000 traveler images from an agency’s facial recognition pilot at the Anzalduas border crossing at McAllen, Texas. If you have a business and are considering biometric identifiers, or if you, as a customer are requested to use biometrics, speak to a security expert to learn the best practices.
Bianca Soare, Heimdal Security, provides information to companies using biometrics and the employees, customers, and clients who may be required to use them.
“First, data accessed through IAM (Identity and Access Management) systems can be a prime target for malicious actors. For example, an experiment proved that the fingerprints of Germany’s Defense Minister could be recreated using only a few high-resolution images of the target. You must never forget the importance of maintaining good security hygiene: Knowing exactly what data you collect, how it is stored, periodically removing the information you no longer require, and using proper threat prevention and mitigating tools.
Second, be mindful of privileged accounts. Once an account with elevated rights becomes compromised, it may lead to a wide array of cybersecurity dangers. A top-notch Privileged Access Management tool will allow you to easily keep up with your privileged account management, keep a detailed overview of your account status, and grant admin rights to the users that need them only when they need them.
Sensor inaccuracy may open up security holes. In the case of sensor degradation, the consequences may range from the biometric system’s inability to properly identify an individual and deny his/her access to being unable to determine if the real owner of the account is indeed trying to access an IT system. For instance, back in 2018, Israel’s fingerprint identification system experienced ‘high rates of failure when used both at the country’s borders and by police’. Consequently, the working state of biometric systems must permanently be kept under watch by their owners and fixed as soon as possible in case of failure. In this instance, alternative authentication methods must be put at people’s disposal.”
Conclusion
Biometric technology – the detection of individuals using biological and behavioral characteristics – has been regarded as an identity identification solution that offers better protection and efficiency than conventional methods.
However, the use of biometrics in IAM (Identity and Access Management) is certainly a controversial topic – while trying to secure access, it may also lead to unnecessary threats.
Therefore, the private info needed for IAM technologies must be kept safe and aligned with any industry-specific legislation. It is also important to provide your clients and personnel with complete transparency on how your IAM data will be processed and used, particularly since this practice is required by more and more security regulations.
All in all, make sure you figure out when requiring the use of someone’s unique characteristics doesn’t overstep the mark in security and privacy, and always use them responsibly.
As a customer or client, keep this information in mind if requested to use one or more of your biometric identifiers.
Future articles will discuss a variety of identity theft, fraud, and scams, along with ways to recognize them to prevent being victimized. Follow me here on Medium to learn more.
Lloyd Kenney has more than 50 years of experience in business operations, sales, and marketing; he has presented over 230 “Identity Theft, Fraud & Scam” seminars supporting individuals and organizations in reducing their risk of being victimized. Kenney is a Performance Management expert who provides consultations and workshops on performance management. He is also the author of Performance Management: Hiring, coaching and, retaining high-performance, superior employees for small businesses.
You can follow Lloyd Kenney on LinkedIn and Facebook. Visit www.performanceplanning.ca
