Biometrics: the future has arrived
Biometric technology uses body measurements and physical characteristics to identify individuals and unlock access to anything from your digital device and your car to your finances and airport access.
It’s a rapidly advancing field of technology that has already infiltrated aspects of our day-to-day lives (refer RoyalAuto’s excellent article, ‘How biometrics is unlocking the future’).
You’re unique – until someone copies you
Once upon a time (no, this isn’t a fairytale) fingerprints were made using ink or exposed by brushing fine powder over a hard surface, and they were a key way State-run departments or police kept track of people. That’s because everyone has a unique fingerprint, and back then people couldn’t hide their identity through their fingers. But that was then.
Technology now exists that can capture unique biometrics, such as your fingerprints, without you even knowing it’s happened (refer Bernard Marr’s article, ‘Facial Recognition Technology: Here Are The Important Pros and Cons’). Once someone steals your fingerprint, it’s still unique but it’s no longer exclusively yours! And herein lies the difficulty with biometric security.
Something irreplaceable creates irreparable problems
Let’s follow through on the example of using your fingerprint for biometric security. Most mobile devices can be unlocked by their owner’s finger or thumbprint. I have it on my mobile. But what if your fingerprints get stolen? Of course, you can cancel any service that operates on fingerprint authorisation, but that doesn’t change the fact that you have lost access to the irreplaceable – your personal biometric fingerprints. You can’t go out and get a ‘new set’. They’re gone for good!
Do more research
Please don’t panic. I’m not writing this to cause you undue stress, but to remind you of the importance of taking the time to really research new technologies. The digital security landscape has changed dramatically in the last two years. When thinking of adopting a new app or technology, you need to know not only what it offers you, but also whether it will open new avenues of risk, also called ‘attack surfaces’, to your online security.
Some suggested angles to research:
- Look for reviews of a product or app you are considering, both industry and user reviews.
- What alternate security options exist? Would they expose you to less or greater risk?
- Try and think like a hacker. It’s a bit like assessing potential security risks to your private residence: imagine you want to break in. Where would you start?
Better yet, attend or research outcomes from commercially run hacker conferences, such as DEF CON, which is held every year in Las Vegas and attracts some of the world’s best hackers. ‘Ethical’ hackers love the challenge of hacking into systems or devices to identify and repair potential vulnerabilities. In fact, some of the world’s largest software corporations, such as Microsoft and Apple, invite certified hackers to try and penetrate their systems because of the invaluable insights they gain from them.
Why I’m cautious about biometric security
This year I attended Ingram Micro’s Cloud Summit 2019, where I heard the very talented Roy Dalal, Co-Founder and CEO of verifyoo, give a devastating insight into how easy it is for personal biometric characteristics to be stolen using online images! Think of an Instagram or Facebook post, where someone is giving the ‘thumbs up’ or you can clearly see their facial features. Truly scary!
So, for now, I’ve taken the advice of my IT team at itro, and the recommendation from The Australian Cyber Security Centre that MFA is currently ‘one of the most effective controls businesses can implement to prevent an adversary from gaining access to sensitive information, devices or network’, and installed it on my devices. Anytime access to my digital accounts is attempted, additional proof of identity other than my user name and password is demanded via my smartphone.
That means someone would need to steal not only my user name and password, but also my mobile to access my accounts. If someone did steal my user and password details (but not my mobile) and tried to access my accounts I would know instantly via an MFA alert that:
- my critical data had been stolen (and would need to be changed);
- someone was trying to gain malicious access to my accounts;
- via what application; and from where.
As well as exposing any attack, MFA lets me easily control a situation by selecting the ‘DENY’ option on my mobile screen. Of course, if it’s me logging on I simply select ‘APPROVE’. Easy, and I’m not risking anything irreplaceable in using MFA.
If you’re interested in knowing more about MFA, you may appreciate my earlier blogs on how to research various MFA products available on the market (https://www.itro.com.au/this-is-why-the-government-is-promoting-mfa-more-than-ever/) and my interview of a Director and Senior Engineer at itro about their experiences in adopting MFA (‘Benefits of MFA with our itro Director and Senior Engineer’).
To recap, don’t let fear or lack of knowledge hold you back from making important security decisions. Do your research. Think it through. Tap into your professional colleagues or associates from other businesses, firms or industries and find out about their experiences.
Also, the Australian Government is proactively trying to help businesses implement sound cyber security decisions by publishing non-proprietary information and guidelines. Websites worth checking out include:
https://www.afp.gov.au/what-we-do/crime-types/cyber-crime (Australian Federal Police)