Biometrics and Passwords

Many people have the misconception that biometrics such as fingerprint readers are more secure than passwords. It probably stems from Hollywood spy movies showing Top Secret facilities protected by biometric devices. However, for the vast majority of us who use sensible 8-12 character passwords and limit reuse, passwords are generally much safer than biometrics.

The first problem with biometrics is immutability. We cannot change our fingerprints, so we end up using the same fingerprints to authenticate with various agencies and companies, which is not unlike using the same password for different services. For example, if you were fingerprinted when crossing the border, the government of that country could actually use that image to create a fake finger and use it to gain access to your company premises. Immutability also means that if a high-resolution image of your fingerprint is leaked onto the web, you would have to worry about identity theft for the rest of your life. It is like having your password leaked and lacking the ability to reset it. Worse still, you are forced to use the same password when registering for all other services for the rest of your life. Leaks have indeed happened before.

The second problem with biometrics is that it is more difficult to safely store a biometric template than a password. A password can be hashed before storage. Hashing is a one-way function, so even if cybercriminals manage to obtain the hash, it is extremely difficult to find the password that corresponds to it. Hashing works because users are able to supply the exact same password every single time. With biometrics, however, every fingerprint scan is going to be slightly different due to dirt on the finger, the angle of the finger or even how fast you swipe it. As a result, every scan will produce a different hash, and it is impossible to authenticate a user based on the hash alone. Hence the entire template, which stores the distances between the ridges or distinct points on the fingerprint, must be retained. Armed with this information, it is possible to create a fake finger with the same dimensions. The safest way to store a biometric template is in hardware, such as a secure element used by the iPhone or a hardware security module. However, these solutions introduce additional complications and may not come cheap.
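The contrast described above, as an added example that is not part of the original article: a salted password hash verifies by exact comparison, while a fingerprint template has to be kept in comparable form and matched within a tolerance. The ridge-point coordinates, tolerance and threshold are constructed for illustration and do not reflect any real matcher.

```python
import hashlib
import hmac
import math
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, slow one-way hash: only this digest is stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    # Same password in -> same digest out, so exact comparison works.
    return hmac.compare_digest(hash_password(password, salt), stored)

def hash_template(points) -> str:
    # Hashing a template the same way: a 1-unit shift changes the digest.
    return hashlib.sha256(repr(sorted(points)).encode()).hexdigest()

def match_score(enrolled, scan, tolerance: float = 2.0) -> float:
    # Fraction of enrolled points that have a scanned point within `tolerance`.
    hits = sum(1 for p in enrolled
               if any(math.dist(p, q) <= tolerance for q in scan))
    return hits / len(enrolled)

def verify_fingerprint(enrolled, scan, threshold: float = 0.8) -> bool:
    # Needs the enrolled coordinates themselves, not a digest of them.
    return match_score(enrolled, scan) >= threshold

# Constructed sample data: (x, y) positions of distinct ridge points.
ENROLLED = [(10, 12), (34, 40), (55, 21), (70, 66), (88, 30)]
RESCAN = [(11, 12), (34, 41), (54, 22), (70, 65), (89, 30)]  # same finger, new scan
OTHER = [(5, 80), (20, 60), (45, 90), (60, 5), (95, 95)]     # different finger

if __name__ == "__main__":
    salt = os.urandom(16)
    stored = hash_password("correct horse 42", salt)
    print("password verifies:", verify_password("correct horse 42", salt, stored))
    print("template hashes equal:", hash_template(ENROLLED) == hash_template(RESCAN))
    print("rescan score:", match_score(ENROLLED, RESCAN))
    print("other finger score:", match_score(ENROLLED, OTHER))
```

The rescan fails the hash comparison yet passes the tolerance match, which is why the stored record has to contain the comparable template rather than a digest.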

Biometrics is often portrayed in the movies as a single form of authentication: the character scans his finger and the door opens. In reality, however, it is often used as a second factor, that is, it replaces the password. So a user has to either key in his username or insert/tap his smartcard and then scan his finger. This allows the system to narrow down and compare the fingerprint to only 1 template instead of trying to match it against every template. This is crucial in biometric systems with many users, because chances are that 2 users may have extremely similar fingerprints and the system might match the scan to the wrong user. It also increases security, since a criminal cannot simply walk in and try his luck by scanning his fingerprint to see if it matches any user in the system.

Even though I have used fingerprints as an example of biometrics, the same applies to iris scans, facial recognition and so on. These systems provide an illusion of higher security, but in reality they are more for convenience than security.