Biometrics Secure in the Right Hands
June 14, 2016
When used wisely, biometrics are an access control solution that can ensure privacy and security. The operative words, however, are ‘used wisely’. Used irresponsibly, they can cause damage just like any other access control security system. Perhaps thankfully, the onus to ensure good practice is on providers, not end users.
Passwords have long been a problem. That’s nothing new. No matter how many sites and services try to educate their users on best practices and safety tips with passwords, there are still those who will continue to use simple passwords repeatedly. And it’s totally understandable when you consider the sheer number of accounts and passwords that someone with an active digital life requires these days.
A secure online life can be achieved with passwords, but it takes a lot of work: a lot of long, unique passwords, with almost as many variations in the rules regarding special characters and numbers. Asking every user to follow such a laborious security protocol is just not practical.
Biometric solutions for better security
Biometrics, on the other hand, are extremely convenient and simple for end users, because there is nothing to remember: no special rules or random combinations of numbers and characters. People can prove who they are by simply being who they are. Excellent.
But bad biometric security practice can, of course, be damaging in the same way bad password management can be. Lots of hacks and breaches come from stolen passwords, but passwords can quickly be changed and reissued. Biometrics are much harder to steal, but it should be recognised that new fingerprints can’t be reissued quite as easily…
Who owns the biometric
That’s why it’s important that providers of biometric solutions have good security measures in place. One possible way to negate the security risk of storing biometric data, which could be damaging if hacked or leaked, is simply not to store it at all.
Just this month, leading accountants PwC released a report on this very subject. In it the firm advocated and commended the use of device-based biometric storage seen in solutions such as Apple Pay. The biometric data for Apple Pay is only stored directly on the device; it is not held centrally.
When a payment is approved, the user’s fingerprint is not sent to the merchant, just a token to confirm that the identity check has been passed and the transaction has been authenticated. This prevents the creation of a huge store of biometric data either by Apple or by any merchant involved in the payment process.
That’s not how we approach it here at BioStore, as our solutions are not device-based; our systems negate the risk in different ways.
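The token-only flow described above can be sketched as follows. This is an added illustration, not Apple Pay’s protocol and not BioStore code: the `Device` and `Verifier` classes, the Hamming-distance matcher, the threshold and the HMAC token are all assumptions chosen to keep the example stdlib-only (a production design would register a device public key rather than share a secret).

```python
import hashlib
import hmac
import secrets

MATCH_THRESHOLD = 6  # max differing bits for a local match (constructed value)

def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length templates."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def _msg(device_id: str, nonce: bytes, amount: str) -> bytes:
    # Fixed-length nonce and id hash, so the three fields cannot be confused.
    return nonce + hashlib.sha256(device_id.encode()).digest() + amount.encode()

class Device:
    """Holds the enrolled template; the template never leaves this object."""
    def __init__(self, device_id: str, template: bytes):
        self.device_id = device_id
        self._template = template
        self._key = secrets.token_bytes(32)

    def enrollment_key(self) -> bytes:
        # Shared once at enrollment (assumption: stands in for a public key).
        return self._key

    def approve(self, sample: bytes, nonce: bytes, amount: str):
        """Match locally; on success return a token bound to nonce and amount."""
        if len(sample) != len(self._template):
            return None
        if hamming(sample, self._template) > MATCH_THRESHOLD:
            return None
        return hmac.new(self._key, _msg(self.device_id, nonce, amount), hashlib.sha256).digest()

class Verifier:
    """Merchant/provider side: stores keys and nonces, never biometric data."""
    def __init__(self):
        self._keys = {}
        self._pending = set()

    def enroll(self, device_id: str, key: bytes) -> None:
        self._keys[device_id] = key

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, device_id: str, nonce: bytes, amount: str, token) -> bool:
        if nonce not in self._pending or device_id not in self._keys:
            return False
        self._pending.discard(nonce)  # single use: a replayed token fails
        if token is None:
            return False
        expected = hmac.new(self._keys[device_id], _msg(device_id, nonce, amount), hashlib.sha256).digest()
        return hmac.compare_digest(expected, token)
```

A breach of the verifier in this sketch exposes keys and nonces, which can be revoked and reissued, but no fingerprint data.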
For end users, biometric solutions put good security practice in the hands of the providers. And that’s perhaps a good thing, because if passwords are anything to go by, most users are reliable, but it only takes the lax approach of a few for the whole system to be compromised. Wisely used and implemented, on the other hand, biometrics can provide trouble-free security and convenience for all.