Editors' pick: Originally published Sept. 29, 2016.
The use of James Bond-style technology such as facial recognition and fingerprint and iris scanners in everyday products is becoming ubiquitous as consumers are increasingly relying on them, but their failure could prevent people from even unlocking their doors.
The dependency on this technology has proved challenging, even though it currently complements existing passwords and PINs, said Joseph Carson, head of global strategic alliances at Thycotic, a Washington D.C. based provider of privileged account management (PAM) solutions.
"James Bond has been using biometric technologies for years in many movies and the technology has ranged from iris scanners to the use of the famous Ericsson mobile phone to remotely control a BMW," he said.
Odds of Failing Remain High
As more companies adopt biometrics to authenticate its users and want to eliminate the use of passwords, one of the main challenges aside from the large financial investment is that many of them demonstrate a high probability of failure, Carson said.
A small injury to your finger or hand can immediately either render the fingerprint scanner useless or high resolution photos can be used to create fake fingerprints, he said. Even voice recognition has its faults and can easily be replicated while some facial recognition software in the past could be bypassed previously when using a photo.
Upgrades to the software is constantly being updated and improved and in the near future, the use of fingerprint and facial recognition could "likely replace existing authentication and access methods in the near future," Carson said.
The most widespread adoption consumers are familiar with has been Apple's use of a fingerprint scanner used to unlock its iPhone. The latest version of Windows allows individuals to use biometrics to unlock their laptop with a scan of their fingerprint. Immigration and passport controls are now using facial recognition for E-Passports, which is being heavily used across many airports to automate immigration, he said.
Limitations of Biometrics
The widespread adoption and convenience of biometric sensors has given consumers greater and simpler access to their hotel rooms and bank accounts, but integrating these various forms of authentication has posed its own issues, said George Avetisov, CEO of New York-based HYPR Biometric Security.
One technology cannot be a good fit to verify all products geared towards mainstream consumer use and finding the right one requires more than trial and error since each type is fraught with it own limitations.
One of HYPR's customers is a motorcycle manufacturer who is integrating biometrics into their app so consumers can remotely start their engines.
"Their drivers are unable to use fingerprints because they wear gloves and they can't use facial recognition because they wear helmets, so the answer was voice recognition," he said.
While facial recognition is a fast way to authenticate someone, it requires adequate lighting conditions. Iris scans also work well, but they require users to hold the device in a certain way, which can be frustrating for consumers. Fingerprint sensors are "fantastic but are not available on every device," Avetisov said.
The other types of biometrics such as palm recognition are also useful, but the match can take awhile and even voice recognition requires a low level of noise.
The clear winner is the use of fingerprints, but it is not likely to maintain the most widespread adoption because facial recognition is catching up with Windows Hello, which uses fingerprint or facial recognition and technologies like Intel RealSense which allows for depth-sensing technology for gestures, objects and facial recognition, he said.
"It is important to note that there may not be a 'clear winner' in the biometrics race," Avetisov said. "Different modalities are best implemented in different conditions based on different cases. It is important for enterprises to support all types of biometric tokenization."
The latest options on mobile devices such as liveness checks will help prevent spoofing attacks which offer more flexibility and scalability so that various biometrics can be adapted automatically, said John Callahan, chief technology officer at Veridium, a Boston-based mobile biometric authentication company.
"All biometrics have limitations and even a 5 megapixel camera on a mobile phone will not be able to capture enough detail for facial recognition in low light situations," he said. "Biometrics allow convenient access while verifying that a specific person gained access or attempted to gain access at a specific location and time. There is no need to remember passwords or PIN numbers or to carry two-factor authentication tokens. Today's smartphones provide plenty of horsepower for advanced encryption in real-time."
Biometrics Not Immune to Hacking
Hackers are always one step ahead and on the prowl for vulnerabilities to infiltrate biometric systems as more companies and consumers adopt the use of them. The popularity of biometrics means unwanted access to personal information is rising even though the technology is often "touted as the latest and greatest," said Carl Herberger, a vice president of security solutions at Radware, a Tel Aviv, Israel-based cyber security company.
"While biometric systems are inherently more secure than using single-factor authentication, they have the potential to be compromised and their data taken," he said. "However in this case, replacing something that you are such as fingerprints and retinal scans isn't an easy reality. While the future value of stolen biometric data has yet to come to light, it is important to be vigilant in the deployment of these technologies and close gaps where intruders may be able to gain access."