Biometrics are set to replace passwords as the best way to secure accounts and devices. Of course, as with any new security option, there are risks. While using your eye or fingerprint to log in to your phone might seem secure enough, some hidden risks are starting to become clearer. For now, a great password may still be a better option.
Biometric Data Storage Uncertain
Currently, there are no standards in place for how biometric data is stored or even used. If you were to use a fingerprint to log in to Facebook, your fingerprint would need to be stored in a database somewhere. Without security protocols in place, hacked databases are a real possibility. Data stored in government databases could be used to track you without your consent. Until protocols are in place, you can’t be certain where or how your biometric data is stored.
Hackers Can Beat Biometrics
Introduce a new security concept and hackers immediately try to find a way to beat it. Biometrics are no exception. For instance, hackers can generate a fake fingerprint from a high-resolution photo, as researcher Starbug did with the German defense minister. Some hackers consider it as easy to break into a fingerprint-protected phone as it is to steam open a letter.
Perhaps the most notable hack happened in 2015 when 5.6 million fingerprints were stolen from the Office of Personnel Management. Hackers have even proved that facial recognition isn’t as safe as once thought. With just a few social media pictures, hackers were able to spoof facial recognition systems.
Biometrics Remain Visible
Unlike a password, the source of biometrics is always visible. You don’t hide your eyes, face, fingers, or ears. With the right technology, hackers can access your unique physical attributes. Once they do, they’re able to create models that are used to trick biometric security systems.
No Changing After a Hack
The most secure thing about biometrics is also the biggest downside. Your fingerprint may be unique, but what happens if your account is hacked? You can’t simply change your fingerprint like you would a password. Suddenly, someone else has access to your only password and there isn’t any way to change it.
Sometimes Biometrics Fail
If you forget your password, you’re usually prompted to reset it. You may have to answer some security questions or enter a special code that’s sent to your email or phone. If a biometrics scanner fails, there isn’t a way to reset your biometric password. For instance, when Apple first introduced the fingerprint scanner for iPhone, some users stated it only worked about half the time, locking them out of their phones often.
While this isn’t necessarily a security risk, it is highly inconvenient. For instance, if you need to access your work computer but the facial recognition system isn’t working, you’re left sitting around while your boss wonders why you’re not working. As biometrics replace passwords and passkeys, this could become a major problem, such as not being able to crank your car or enter your home if the scanner isn’t working correctly.
Biometrics aren’t all bad, but there is still work to be done before passwords become a thing of the past.