One of the fastest-growing markets in online security is biometrics, a system in which you unlock devices like your cell phone using a fingerprint, voice recognition, or facial and iris (eye) recognition. It's billed as being safer since, unlike a password that can be stolen, your unique physical features are yours alone and cannot be hacked or duplicated.

It sounds like foolproof security. But you should never underestimate the ingenuity of thieves and data collection services. They may not have your fingerprints, but they know how to replicate them. And once they have acquired a copy, they will be able to access all of your private data.

How Are Biometrics Vulnerable?

Let’s start with the obvious: for something like fingerprint identification to work, there has to be a sensor to convert your fingerprint into a form of data a computer can understand, a means to store that data, and software to compare your fingerprint with the one stored. 

While these systems use sophisticated encryption to secure that stored data, that does not make them invulnerable to hacking. We read headlines almost every week about how some of the largest companies in the world discover that smarter thieves have conquered all the safeguards they put in place.

Your biometric data can also be obtained through the photos and videos you’ve uploaded to social media. There are already ways to extract your fingerprints and other physical features from a still photo. These techniques will only become more refined in years to come.

And just as there are “people finder” websites that scan the internet, collect your home address, phone number, and other data, then gladly sell them to anyone who asks, there are now companies collecting your biometric data for the same purpose. One of them, Clearview AI, already has a database of three billion (yes, billion) photos collected online.

If your password gets hacked, changing the password solves that problem. But if your fingerprint data is hacked, what can you do? Changing your fingerprints is pretty impractical – not to mention painful.

What Can You Do?

First, don’t rely on any single method to secure your data. Where biometrics can be effective is in two-factor authentication. If thieves have your password but not your fingerprint, they’re still locked out. If they have your fingerprint but not your password, they’re still screwed.

You can also call or write your Congressional representatives, and ask them to support legislation that regulates the use of biometric data. Such efforts are already underway in the European Union and some US states, but let them know that this is something you are concerned about. Data security and privacy protection should be non-partisan causes that everyone (except thieves) should support.

Ron Zayas

CEO

Ron Zayas is an online privacy expert, speaker, author, and CEO of 360Civic, a provider of online protection to law enforcement, judicial officers, and social workers.
