Biometrics has become a hot topic in computer security. Using biometrics has a number of advantages but finding reliable solutions is still a problem. A lot of money has been spent on finding commercially viable solutions. But it is still a long way to go before biometrics will be used instead of passwords for authentication.
Biometric authentication has several advantages compared with passwords, the standard solution in the computer world. Passwords can be forgotten or stolen. Using biometric identification to recognize a person based on her physiological or behavioral characteristics avoids such problems. Using biometrics for authentication isn’t actually something new, fingerprints may have been used already in the ancient Babylonia 4000 years ago.
But finding a reliable biometric system for authentication is far from easy. It should be something unique, so every person can be identified. At the same time it needs to stay relatively constant over time and should be both quick and easy to apply. Fingerprints have been used long before computers entered the stage but other biometric systems are also being tested. But as mentioned, no reliable solution has been found that could be for example built into laptops.
Biometrics also creates potential privacy concerns. Users are of course aware when they are asked to enter a password but biometrics data can be collected without active participation of the users, which means that they may not even be aware that data is being collected. Governments can for example collect detailed information of all the flights people have made, even if there is no security justification to store such information. If DNA data is collected, it is even possible to trace illnesses and genetic conditions that have nothing to do with the identification process.
In movies, biometric authentication is often depicted as very easy and reliable. But in practice it is often very difficult for computers to determine the accurate response, which may require a lot of processing as well.
One problem with biometrics compared with passwords is that is not replaceable. While a stolen password can be easily replaced, biometrics is not easy to replace.
There are several international biometrics standards available. And a number of new ISO/IEC standards are being developed. One of the main problems is to find a reliable system that makes it possible to identify people without being too strict. The biometrics profiles of two people may overlap, in which case it is important that the system can identify both people accurately without rejecting people because they can’t safely be uniquely identified.
The enrollment of people in biometrics systems is more complicated than issuing passwords. Typically, special equipment is required which is only available in a few places. Some people have biometrics that are far outside the normal values which may cause the biometrics system to reject them.
At the moment, no biometrics technology has become dominant. Several different biometrics systems are being used. Fingerprint, iris, face, hand geometry and voice are the most widely used at the moment. Fingerprints are the most commonly used biometrics right now. Fingerprints have a number of advantages, they are unique, don’t change over time and relatively easy for computers to recognize. But some people associate finger prints with criminals and not everyone like to touch a sensor that has been touched by unknown people. Fingerprints also require active participation. Face recognition does not require active participation but has a number of disadvantages. Faces can be obstructed by glasses, hair, hats and many other things. Faces also change over time and good cameras are needed to get accurate results.