It used to be that fingerprint access and iris scanning were something seen in TV shows and spy movies. Well, at least that’s the case for anyone over the age of 40. Today, the integration of biometrics into security access systems is quite common.
The idea that biometrics is more secure and more difficult to override appeals to many businesses. Building managers are sold on only validated employees can gain access to buildings and systems. The problem is that users, typically employees, usually don’t have a choice in the matter. Their fingerprints are scanned, stored in the system and used in multiple ways. And while biometrics may be harder to tamper with, it’s not impossible. Biometric systems are also not error free.
Take for example a factory where workers operate in a cold or wet environment, yet have to access areas through fingerprint scanners. They may wear gloves to protect their hands, but it doesn’t always prevent the skin of their fingers from getting clammy. When this is the case, the scanners may not recognize workers’ fingerprints, as they need dry and smooth to scan accurately.
One might say that’s just one example where biometrics aren’t the best use case for a particular environment. That, despite these flaws, they are still one of the best security access options, especially for corporate offices. Possibly, but that doesn’t mean that they are without risk and that there aren’t opportunities to improve biometrics in how they’re applied.
More Data, More Risk
With identity fraud on the rise, one of the major concerns about using biometrics is the amount of data they contain. Facial recognition and fingerprints are personal, so if you’re going to steal someone’s identify to access a system, what more do you need? With a little help from generative AI, it becomes easier to pass off a fake identity as a one that is authenticated. Suddenly, what is intended to make a system more secure, is instead a major vulnerability.
One of the major premises behind data privacy laws is to ensure that organizations collecting personal data are taking the right measures to protect that data. As threat actors advance their methods of attack, it’s only proving that no system, no matter how specific the security parameters are, can be overconfident.
The argument may be that biometric systems are expensive to implement and even more so to hack. This limits the pool of vulnerable organizations and people that would target them. However, the value of biometric data should not be underestimated. It’s not the same as an address or a bank account number. Individual identities, facial features and fingerprints are far more personal. As such, biometric systems have a greater responsibility to keep that personal data safe.
This means safely stored, safely transmitted, safely integrated with other systems, and being extra vigilant about possible vulnerabilities. It’s not just about security for organizations, but also for individuals, one can’t be achieved at the cost of the other.
