Security researchers have been discussing biometrics for some time now, so it is not a new topic, but real-life implementations of biometric-based security solutions have been limited.
Then comes Apple’s new iPhone 5S, and all of a sudden biometrics becomes a mainstream technology, literally in the hands of millions of everyday users. Our own Jeff Carpenter recently mentioned in his blog that by the end of 2013 nearly 20 million people (an estimate based on iPhone sales) will have access to this technology as they begin to use their iPhone 5S devices.
And the biometrics debate begins. There are so many questions: what is it used for, device access only or more, such as authentication for financial transactions? There are also questions about where the fingerprint data will be stored and which applications will access it, at the application level or at the OS level. There is even news of security researchers hacking the iPhone Touch ID a day after it was released. In my opinion, while these are all valid discussions, the most important issue around biometrics is the fact that a user’s fingerprint is with him/her for life and cannot be changed.
A quick look at the history of cybercrime, and more specifically financial fraud, shows us that fraudsters’ activities have centered on stealing personal financial information such as bank accounts, login credentials, PIN numbers, one-time passwords and credit card numbers. There is a single common denominator to all these types of personal financial information: all of it can be replaced. Yes, it is painful, and yes, it may not be easy, but if a credit card is compromised, it can be cancelled and replaced with a new one. Now back to the biometrics debate: our fingerprints, unique to each and every one of us, once translated into 1s and 0s, will be a file, a digital file that can be used, stored, encrypted and transferred, and that can also be stolen. When a digital fingerprint is compromised, it is not easy to get a new one, at least for the time being.
I will end my blog with a question: is biometrics a short-term solution? It will work for a while, an exciting technology that will be fun to use, but once compromised, will it become obsolete rather quickly? Only time will tell, but remember that no security option is perfect and the success of security lies in probability.