Why the Future of Security is Biometric
86% of Americans want to use biometric security to verify their identity or to authorize payments — Are PINs and passwords becoming a thing of the past?
Biometric Security Becomes Mainstream
Since Apple first introduced Touch ID in 2013, the global market for mobile biometrics has grown to over $14 billion
Today, 57% of apps feature a biometric login option
Americans prefer:
Fingerprint scanners: 63%
Facial recognition: 14%
Passwords and PINS: 8%
Voice Recognition: 2%
Consumers use mobile device biometrics for
Payments: 48% have authenticated a payment with biometrics
Apple Pay
Google Pay
Square Cash
Venmo
63% want to use biometrics to authorize payments when shopping in brick-and-mortar stores
Unlocking: 80% use biometrics to unlock their mobile devices
iPhones – 68%
Android – 25%
Laptops – 12%
Tablets – 11%
Banking: 42% won’t use banking apps that lack biometric authentication
Why Use Biometrics?
70% of Americans say biometrics are easier to use
Nearly half think biometrics are more secure
Are biometrics really better than traditional security?
Biometric Security: Beyond PINs & Passwords
What Is Biometric Security?
Biometric security uses physical and behavioral markers to identify authorized users and detect impostors
Physical identifiers:
Fingerprints
Facial recognition
Retinal scans
Voice recognition
Behavioral identifiers
Device usage patterns (location and time)
How a phone is tilted when it is held
Frequency of checking social media accounts
Finger movements and gestures
Hollywood Makes Hacking Biometrics Look Easy
Diamonds Are Forever (1971): Sean Connery uses a fake fingerprint to fool a scanner
Sneakers (1992): Robert Redford hacks voice recognition with a tape of the passphrase
Gattaca (1997): Ethan Hawke bypasses a DNA scan with a drop of blood
What Makes Biometrics Tough To Hack?
Much more time than hacking passwords
Difficult to attempt without being noticed
Creating a fake requires large amounts of user data
Biometric tech isn’t standardized, each device requires a unique approach
Can Biometrics Be Faked?
Masks: Bkav, a Vietnamese cybersecurity firm, cracked Apple’s Face ID using a mask made with a 3D printer, silicone and paper tape
Photos: Some Android devices can be tricked with a photo — including devices from some of the largest manufacturers
Samsung, Motorola, Sony, and Huawei
Fingerprints: The Samsung Galaxy S10 features a new ultrasonic fingerprint sensor — meant to be harder to hack
The sensor is easily fooled by 3D printed fingerprint
Family: Siblings, a mother and son, and even distant cousins have been able to unlock each others’ iPhone using Face ID
How It Works:
After a failed Face ID, iPhones ask the user to enter a passcode
If the code is entered correctly, the phone scans the user’s face to improve its recognition model
The Flaw: If someone knows your passcode and has similar features, Face ID may eventually identify them as you
Biometric sensors might be harder to hack, but they’re not perfect
Getting The Most Out Of Biometric Security
Know the limits of biometrics
Models of physical identifiers could be leaked from a security system
Once leaked, these identifiers can’t be changed like a password
Use two-step authentication
Pair biometrics and a PIN or password for tighter security
Or, require 2 physical identifiers to make it harder to spoof
Keep an eye on your device
Biometrics can’t secure your phone if you leave it unlocked and unsupervised
Once you’ve unlocked your device, tailgaters can swoop in and gain access
Choose the best tech
Look for features that can’t be fooled by a photograph or 3D print
Liveness detection
3D recognition
Don’t be lulled into a false sense of security — Biometric security isn’t foolproof
Sources:
http://www.digitus-biometrics.com/blog/biometric-security-in-movies/
https://www.pri.org/stories/2017-12-13/my-voice-my-passport-verify-me
https://www.csoonline.com/article/3339565/what-is-biometrics-and-why-collecting-biometric-data-is-risky.html
https://www.techadvisory.org/2018/04/biometrics-authentication-for-mobile-devices/
https://www.eweek.com/security/biometric-security-can-be-hacked-but-it-s-really-hard-to-do
https://www.pri.org/stories/2017-09-02/how-make-biometric-technology-more-secure
https://www.computerworld.com.au/article/630017/how-fool-face-id-iphone-x/
https://www.tomsguide.com/us/phone-face-unlock-photo,news-28969.html
https://www.theverge.com/2019/4/7/18299366/samsung-galaxy-s10-fingerprint-sensor-fooled-3d-printed-fingerprint
https://usa.visa.com/visa-everywhere/security/how-fingerprint-authentication-works.html
https://www.securitymagazine.com/articles/90347-consumers-are-concerned-about-biometrics-and-online-payments
https://www.securitymagazine.com/articles/88003-consumers-trust-biometrics-for-mobile-banking-and-payments
https://www.businesswire.com/news/home/20190213005176/en/Veridium-Survey-Reveals-Strong-Consumer-Sentiment-Biometric
https://www.computerweekly.com/news/450428775/Almost-70-of-customers-willing-to-use-fingerprint-biometrics-to-shop
https://www.cultofmac.com/514221/cousins-trick-face-id-thinking-theyre-person/
https://emtemp.gcom.cloud/ngw/globalassets/en/marketing/documents/gartner-l2-intelligence-report-mobile-2019-excerpt.pdf
https://www.macworld.com/article/2048514/the-iphone-5s-fingerprint-reader-what-you-need-to-know.html
https://www.statista.com/topics/4989/biometric-technologies
http://www.digitus-biometrics.com/blog/biometric-security-in-movies/
https://www.pri.org/stories/2017-12-13/my-voice-my-passport-verify-me