Hey WeLiveSecurity, how does biometric authentication work?

Your eyes can be the window to your soul, but they can also be your flight boarding pass or the key that unlocks your phone. What are the pros and cons of using biometrics for authentication?

The ability to confirm your identity using your fingerprint or face is something we’ve already gotten used to. Most of us have a piece of this technology in our pockets: our phones are able to recognize not only our facial features and fingerprints, but also our voices, sleep patterns, and heart and breathing rates.

As biometric identification becomes more common and reliable, it is also increasingly used as a standard authentication technology. Chances are you already use your fingerprint or face to unlock your phone, open the door and start your car, or manage your bank account. But are we ready to give away all our unique biometric traits in exchange for (a promise of) better security?

In this article, we will look at some of the most established types of biometric authentication and examine the pros and cons of this ubiquitous technology.

What are the most common types of biometric authentication?

1. Fingerprint recognition

Many countries have used fingerprints on our ID cards and when applying for travel visas, and authorities have long used (fingerprint and other) biometric features to identify criminals and solve crimes. Fingerprints have been used for centuries. But it was when Apple incorporated a fingerprint sensor into its iPhone 5S in 2013 that this technology first became widely used.

Figure 1. Fingerprint authentication in an iPhone

Figure 1. Fingerprint authentication in an iPhone

Over the years, this technology has evolved from the iPhone’s physical Home Button with an integrated capacitive sensor capable of generating electrical charge when in contact with the fingerprint edges to map the user’s finger and recognize it.

Recently, however, it is on Android phones that fingerprint sensors have flourished. Different brands have different approaches to their models, using similar capacitive sensors, optical sensors under the screen that use light to create images on the fingerprint or, more recently, ultrasonic sensors that send a pulse of inaudible sound against the finger to create a complex 3D- picture.

Optical sensors vs capacitive sensors vs ultrasonic sensors

Figure 2. Three types of fingerprint sensors in phones

While fingerprint recognition is a pretty secure authentication method, unless someone steals your fingerprint – or your finger – it all depends on the reliability of the device you’re using. When it comes to data protection, most major manufacturers, such as Apple, Google or Samsung, store your fingerprint locally and not online. So even when you use your fingerprint to sign in to a service or account on your phone, that app only receives a digital key and not your fingerprint details.

2. Facial recognition

What seemed like science fiction not so long ago is today another common method of identity verification. Our facial features are now enough to open doors, unlock our smartphones, validate payments and access all the credentials stored in our password management apps. Face recognition can work in different ways: simple image comparison, video sequences, three-dimensional data or image composition of several cameras.

The simplest systems, usually found in cheaper phones, may only compare your face to a previously saved face image, other systems use measurements such as the distance between your eyes, the measurement from your forehead to your chin, or the shape of the contours of your lips, but not always without problems.

However, it can go quite badly if the technology is used maliciously. While it is up to us whether we use this technology on our phones, opting out of CCTV cameras managed by businesses or the government can be difficult, creating a problem of loss of anonymity in public spaces.

Reliable verification of a user's identity Easy tracking of citizens' movements and whereabouts Multi-function: phones, payment verification, fast passport control Loss of anonymity in public spaces Easy recognition and identification of criminals Government surveillance Easy detection of missing persons in large gatherings Commercial behavioral profiling that can be sold to advertising or other matching without consent safer than passwords Possibility of data breaches and access to sensitive content

Figure 3. Face recognition – advantages and disadvantages

Figure 4. Face recognition settings in Android and iOS

3. Voice recognition

“Hey Google” or “Hey Siri” are simple commands you can use to interact with your phone’s voice assistant. In fact, these are voice recognition systems that only respond to your specific voice commands. When you set up your phone, you’ll be asked to say some phrases out loud so the algorithm can learn voice patterns that it will continue to learn through real-world use. The more you talk to a virtual assistant, such as Google, Siri or Alexa, the more it will recognize your voice patterns.

Figure 5. Voice recognition on Android and iOS

Biometrics at a glance – advantages and disadvantages

Biometric authentication is convenient, but it poses new challenges to our privacy and security. While these technologies can replace long and hard-to-remember passwords, they can also be a way to give away our personal biometric data without always being sure how it will be used.

Data breaches mean hackers can access and sell information to malicious actors who, for example, can create molds of our fingerprints and use them to gain access to buildings or devices without our knowledge or consent.

And even as we consider how difficult these personal traits are to bypass, other technologies like facial recognition reveal themselves to us all the time. And while governments use the security argument to use facial recognition cameras, it’s hard to know exactly who are the people they want to target and how those images might be used in the future.

Figure 6. Biometric authentication – benefits vs. disadvantages

Figure 7. Health data on an iPhone

And that’s just the beginning

Wearables, such as fitness trackers and smartwatches, are increasingly aware of our heartbeats, sleep patterns, breathing rates and even gait stability. Soon even behavioral biometrics, like the way our hands move to take our phones out of our pockets or how we walk, may be enough to identify us. Although these technologies are a dive into what we imagine a sci-fi future to look like, their use requires a thoughtful discussion around technological development, security and privacy.

William

Leave a Reply

Your email address will not be published.