Americans are growing increasingly comfortable with biometrics as a means of confirming their identity, with a recent survey finding 81% of respondents would be receptive to using biometrics in airports. Many consumers are already relying on biometric authentication to log into various online accounts, and companies are taking steps to incorporate biometric capabilities into more devices and systems. As a result of these factors, the biometric market is expected to reach nearly $33 billion by 2022.
The technology offers a range of benefits for businesses and consumers alike, however, there is a critical misconception that must be addressed: biometric authentication is not immune to the threat of hackers. Over the summer, a security flaw with Biostar 2, a system used to secure commercial buildings, exposed the biometric data of more than a million users. This is a serious vulnerability with lasting, irreversible implications for consumers.
As Enzoic’s COO, Josh Horwitz, wrote in a recent piece for IT Security Guru, “Think about it; you can’t change your fingerprint or your face. If biometric information is exposed, then any account where you use this method of authentication is at risk. There is no way to reverse the damage.”
Josh argued that biometrics must be viewed as part of a company’s identity management security strategy, where other security elements should also be included to mitigate the potential risk. Potential steps include:
In addition to these considerations, it’s critical that companies store passwords and biometric data securely. As Josh put it, “… password data should not be stored in plain text and a strong hashing algorithm should be utilized to make it as difficult as possible for hackers to crack the algorithm in case there is a breach.” Biometric data should have even more stringent storage security protocols in place.
There’s no arguing that the low-friction nature of biometrics is appealing to users —and to the companies that want to make their user experience as seamless as possible. However, viewing biometric authentication technology as a bulletproof security strategy is a mistake. It is important that organizations are aware of biometrics’ limitations and take steps to ensure both the security of this information and that of their users’ accounts.