1. How do biometrics work?
Biometric technology works by comparing a specific part of the human body with data on file for purposes of authentication, identification or health monitoring.
Every biometric system is different, but they all operate under the same basic three steps: enrollment, storage and comparison. In the case of authentication, the first time you use a biometric system, it records basic information about you, like your name or an identification number. It then captures an image or recording of your specific biometric trait. Contrary to what you may see in movies, most systems don’t store the complete image or recording, but instead analyze your trait and translate it into a code or graph called a template. The next time you use the system, it compares the trait you present to the information on file. Then, based on that comparison, it either accepts or rejects our authentication request.
2. Why are biometric devices becoming so popular for authentication?
To put it simply, biometric technology offers stronger and more convenient security than previous authentication methods. Passwords and key cards can both be compromised, forgotten or lost respectively. Because a biometric system is based around who a user is and not what she knows or has, it is more intuitive to use and much more difficult to compromise.
Thanks to recent innovations, biometric solutions are becoming increasingly accessible and recent high profile security breaches have underlined a need for better-than-password technology.
3. What is the difference between visible and invisible biometrics?
The term “invisible biometrics” refers to the unique traits that a person displays resulting from a large number of smaller physical traits and tendencies. These include voiceprint recognition, keystroke dynamics, handwriting, signature analysis, walking gait and webpage behavior.
Visible biometrics on the other hand rely on physical traits like hand and fingerprint patterns, vein images, patterns on a user’s eye and facial recognition.
4. How does identification differ from verification?
Biometric identification, frequently used in law enforcement and border control, is the process of comparing a user’s live biometric sample with many templates stored in a database in order to see if said subject is listed within the data set. Biometric based verification is the process of confirming the asserted identity of a user by comparing her live biometric sample with a particular record in the database to the ends of granting access.
5. What is the difference between one-to-one and one-to-many matching?
One-to-one matching refers to the process of verifying an identity, by comparing a submitted biometric to a single template that will grant access. One-to-many matching refers to the comparison of a biometric against multiple templates or images in a database, trying to find an individual by looking through profiles of many different people.
6. Can one organization share biometric samples with another?
In terms of authentication processes, every organization has its own database of biometric samples. Because authentication relies on using one specific biometric reading technique to compare a sample with a template, there is no value in sharing biometric information. As a result, each biometric system will require you to enroll for whatever services that require strong authentication.
Biometric identification databases can be shared between organizations. This is currently a controversial topic in the realm of privacy, particularly regarding facial recognition voiceprint databases.
7. Can a biometric be stolen?
A biometric cannot be stolen in the same sense as a password or key. That is not to say that they are an infallibly secure technology. Some biometric systems can be fooled into recognizing fake replicas of fingerprints, pictures of faces or voice recordings. This fraudulent practice, called ‘spoofing,’ is objectively more difficult and less scalable than password theft.
Anti-spoofing technology, otherwise known as liveness detection, is constantly being developed to allow biometric solutions to detect fake features.
If a company storing biometric templates in a database suffers a security breach, however, and a hacker obtains the authentication information, it poses significantly less risk than if passwords are compromised. A template is a derived code, not a biometric feature. Where a stolen password can be used by anyone, a stolen template is functionally useless.
8. Is biometric technology a threat to your health?
Today, many biometric technologies are contactless and simply rely on special imaging techniques that can be compared to high-definition photography. In fact, a number of biometric softwares use smartphone cameras to capture your features, so authentication is sometimes no more of a health risk than taking a selfie.
Those biometric modalities that do require contact with shared surfaces can be made specially sanitary with the addition of antimicrobial scanning surfaces, but are still otherwise as healthy as opening a door with your hand.
That said, some institutions that deal with high population authentication situations, such as educational institutions, will choose contactless biometric solutions over others in order to be extra safe come flu season.
9. Do fingerprints and other biometrics change when you get older?
Once a person stops growing, their fingerprints and other biometrics are largely constant. Mutilation and general wear and tear can change a person’s physical appearance and therefore their biometrics. Ongoing studies dedicated to the effects of age on a human’s biometric traits exist. At the moment of this writing, it is believed that irises and fingerprints do not change with age. If a change in a user’s biometric s does occur, that user can be re-enrolled into a system.
10. What needs to be considered when you enroll your biometric?
Enrolling in a biometric system is slightly stigmatized thanks to a lack of public education on the topic. There are very few privacy concerns when it comes to enrolling in a system for authentication purposes. That said, as with all processes that require your personal information, be sure to understand how it is being used, where it is being stored, and why you are being asked to submit your biometrics.
A recent ruling by a Circuit Court Judge in the United States has seen criminal defendants being compelled by police to give up fingerprints for access to smartphones – something that cannot be done with passcodes or knowledge-based authenticators. This ruling has underlined the importance of dialogue in the role that biometrics play in everyday security, and why policies and rules should be at the forefront of the industry’s conversation.