Biometrics: Is it a silver bullet for authentication?
Authentication methods hold a key role in cybersecurity. Password is one of the oldest and popular methods of authentication and we are still depending on it for accessing maximum services. However password authentication has many flaws and most of them are exploited very often through techniques like ‘Phishing’, ‘Social Engineering… etc., and this is what makes the password authentication highly unreliable. That’s the reason researchers are considering the biometrics to strengthen the authentication process.
Biometrics can be used in many ways of authentication and it makes the authentication process less complex and more convenient. Biometrics involve measurement and analysis of various physical and behavioral characteristics of a human being. For that, we depend on physical credentials like ‘DNA Matching, Ear Shape, Iris Recognition, Retina Recognition, Facial Recognition, Fingerprint Recognition, Finger Geometry Recognition, Gait Recognition, Hand Geometry Recognition, Olfactory Recognition, Signature Recognition, Typing Recognition, Vein Recognition, and Voice Recognition’. Since the above credentials are unique to each human being and are sufficient for accurate authentication, biometrics are considered as an apt replacement for passwords in near future.
The Benefits of implementing Biometric authentication
Biometric credentials are more feasible than password authentication. A major vulnerability in the password authentication is that users tend to use weak passwords and they reuse it for a number of accounts. We can close the security gap posed by these weak credentials by establishing biometric authentication where your body becomes your access credentials.
Researchers are developing spoof-free credentials like eyeball reflexes, keystroke patterns, mouse moments which offer more reliable modes of authentication. By implementing advanced sensors and spoof-free biometric credentials, we can make the authentication process more secure.
Security concerns of Biometric credentials
Every technology has its pros and cons. Now let’s the count the cons in the biometric authentication.
Biometric authentication is as vulnerable as any other authentication technique because no matter how the technique differs, we use servers to save the information and servers can be breached. And to make things worse, unlike passwords, biometric information cannot be changed.
Some biometric information is very volatile for example, your voice. Some financial enterprises have already implemented voice authentication, but imagine what would happen if you lost your voice or you catch a cold?
Feasible biometric credentials like fingerprints, iris patterns can easily be spoofed by using various techniques. Fingerprints can be spoofed by using simple household things like ‘transparent plastic tape’, ‘play dough’ or gummy bears. Your “Iris pattern” can be spoofed using high quality images of your eyes.
The major anomaly in the biometric information is that it takes the anonymity away from the user. Password offers anonymity and you can withhold your authentication credentials from whomever you wish to. Well, not in the case of biometrics. A suspect can be forced to unlock his devices using fingerprints or any other biometric credentials. Biometric information is a unique entity which makes it very dangerous if it falls in the wrong hands. Additionally it offer much easier ways of surveillance. It has also been reported that some DNA database companies are asked to hand over generic data by the authorities. When you use natural credentials to access the systems, the attacker no longer needs to target the entire system. Instead of targeting the system he can target you, to be more specific your body.
Not a silver bullet, not yet.
It is not that biometric authentication is totally bad, but replacing the whole authentication process with only biometrics is a terrible idea. We must consider biometric authentication as an added layer of security. Just like how we use two-factor authentication today. And we can’t forget passwords too, not yet. At least not until we establish 100% hack-proof authentication credentials.