This article was published on March 9, 2016

Biometric logins will replace passwords, but you just never know who to trust


Biometric logins will replace passwords, but you just never know who to trust

With the increasing prevalence of fingerprint scanners on smartphones and other devices, and a growing number of services calling for authentication of some kind, using your biometric info to secure access will only become more commonplace.

In theory, that should make your life a whole lot easier – no longer needing to remember passwords, because your fingerprint or iris scan or whatever else is being used will be enough.

However, with hack after hack hitting headlines, it’s hard for me as a user to feel entirely secure with sharing that information – but then you pretty much have no choice if you want to use a particular service.

Take Human’s visualization as a tiny indication of the data we’re sharing every day – that’s just one company and only looks at location data for one day. Extrapolate that out to all the services you share you personal information with on a daily basis and now imagine that all of those companies had your biometric data too.

Your reaction to that thought is probably one of three positions:

1)  You might not be bothered. You don’t really care who does what with your data as long as it doesn’t really interfere with your life. You don’t mind having targeted ads and companies knowing where you’ve been, what blood type you are, your heart rate, your fingerprints and everything else.

2) The thought of handing that data over willingly to a company or government is one that you can’t even contemplate and so you probably don’t use any of the services. You might also live alone in the woods.

3) You want to use the services, but aren’t entirely comfortable with the way in which consent is given. You don’t read the terms and conditions before clicking ‘next’ but also worry about the security of your data and how it’ll be used.

You could read those terms and conditions, but in many cases, they’re so vague and designed not to be read, that it’s an almost pointless exercise if you’re trying to work out where your data goes.

This is bad enough already with the data we already share – and highlighted by recent actions like the revoking of the Patriot Act and its replacement the Freedom Act – when you have to wonder how your fingerprints or other biometric/personal data will be used in the future, there’s virtually nothing to do but hope.

In the UK, for example, HSBC has said it will roll out two-factor voice and fingerprint verification. That’ll help customers, and you’d expect a bank to have pretty robust security – but it’s not like even a bank is above falling foul to a cyber attack that locks customers out for days.

And perhaps the thought that all your data is being safely encrypted somewhere might reassure you, but again, depending on the security used, it’s not like encryption is unbreakable – just 10 days after the Ashley Madison hack, 11 million passwords had been revealed.

Where this leaves the average consumer is a position of faith – there’s little you can do to really verify the practices or security of the businesses you entrust your data to.

Still, with most people seemingly still relying on terrifyingly awful passwords, entrusting your data to a huge company using two-factor authentication is probably still safer than using 123456.

In theory, that should make your life a whole lot easier – no longer needing to remember passwords, because your fingerprint or iris scan or whatever else is being used will be enough.

Biometric data is unique, there’s only one you and you’ll struggle to lose or forget your fingerprints.  Security companies are also becoming increasingly good at preventing false positives or false negatives, which should go some way to that faith.

But if that database of unique biometric data gets into the wrong hands, and those people know what to do with it, that’s a whole sci-fi scenario waiting to happen.

Get the TNW newsletter

Get the most important tech news in your inbox each week.