The Growth of Biometric Authentication

Passwords are a notoriously poor way for people to get secure access to their accounts. It’s not actually passwords that are the problem, but people. Everybody likes to do things with the least amount of effort possible, and for a lot of us that includes choosing passwords. We’d like something we’ll be sure to remember, but that usually means something that’s easy for others to guess. Passwords like “password” and “123456” are so common that anyone who uses them might as well not have a password at all.

A large part of the problem is that we have so many passwords for different sites. Coming up with a different password for each site is a pain. Password managers help with this, but most phones don’t come with one already installed, so getting one and figuring out how to use it takes some effort too.

Biometrics: Better than passwords?

It’s just easy to fall into the habit of choosing bad passwords. We find it hard to imagine we’re important enough to go after. But when we find out we’re wrong, it’s bad news.

There are other phone technologies that can make security easier. The basic problem is to show that you, the person logging into an account, are the same person who opened the account. One was to do this is to examine some part of your body that doesn’t change much over time and is different for every person. This approach is called biometrics.

Fingerprinting yourself

Fingerprints are a popular choice. We have our hands on our phones all the time, so it’s not a big step to put a thumb on a sensor. Currently it’s mostly high-end phones that have these, but they’re gradually appearing in less expensive phones.

The biggest use for fingerprints is in unlocking phones. If you can keep strangers from using your phone, they can’t use it to get into your online accounts. PINs for unlocking phones have the same problem as passwords; it’s too easy to settle on obvious combinations like “1234.” Unlocking a phone with a fingerprint takes even less effort than entering a PIN, and it’s difficult to fake.

There are several different kinds of fingerprint scanners.

  • The optical scanner takes a photograph of your fingerprint. It can get very high resolution compared to other methods, but it’s easier to fool by putting a picture of a fingerprint in front of it.
  • The capacitive scanner works electrically. It can “see” the ridges of your fingerprint, which are in contact with the scanner, and the gaps, where your skin is a little farther away. It can recognize the difference between three-dimensional human flesh and a flat picture or even a cast.
  • The ultrasonic scanner uses high-frequency sound waves to take the fingerprint’s ultrasound picture. Like the capacitive scanner, it sees a three-dimensional image, so a picture won’t fool it. This is a fairly new technology for phones, but it could offer advantages. An ultrasonic scanner can operate through metal or glass, so it can be better protected than a capacitive scanner.

Facial recognition

Some phones and financial services are following a different biometric route: taking a picture of your face. One of its simpler forms is Face Unlock on Android phones. Android says it’s not a secure feature; it’s far too easy to fool it with a still picture of the owner. A good PIN is better security.

Others, though, have come up with more secure forms of facial recognition. Its use for making payments (often called “selfie pay”) is a growing niche. MasterCard’s Identity Check requires you to blink in order to prove you’re a live person and not a picture. Amazon has applied for a patent on a similar method, though it hasn’t brought it out for public use yet.

Scanning the eye

We’ve seen movie scenes where people walk into super-secure facilities and prove their identity by staring into a device. Scanning the retina of the eye really works. The pattern of veins in the back of your eye is as distinctive as your fingerprint. It’s not the most user-friendly form of authentication, though.

A less intimidating variant is scanning the iris of the eye. This doesn’t require bringing your phone up close and staring into it while getting a flash of light in the eye. A phone can take a picture of your iris from a distance. It’s reported to give fewer false matches than fingerprint scans by a wide margin.

How secure are they?

No method of identification is absolutely secure. We can imagine science-fiction technology that can imitate a person’s appearance, voice, fingerprints, and eyes well enough to fool any security system. The question is which is the best of the alternatives.

Security depends on how good the system is at catching spoofs. It’s not hard to get your fingerprint or picture. If a crook can duplicate it in a way that’s good enough to trick a phone, your security is completely broken. You can change your password and have a different one for each account, but you have only two eyes and ten fingerprints, and you can’t change them.

Passwords, used properly, are very secure. Used badly, they aren’t secure at all. Biometrics provide pretty good security for everyone, and saddle everyone with the same weaknesses.

Perhaps biometrics will improve to the point that they’re competitive on security with the strongest passwords, and more convenient. When that happens, they may replace passwords. For now the tradeoff is a complicated one, but in a few years just looking at your phone may be the standard way of showing that you’re you.

Quik Fix Phone Repair is the top rated phone repair service in Tucson. Got a problem that needs fixing? Contact us!