Software security has changed. Security is no longer dictated by passcodes or keys, with the help of biometrics such as fingerprints, eye scans, voice and facial recognition, unique human features are now being used for identification and access control or for identifying individuals.
So, what are biometrics, how do they work, how are they used and how are they affecting software development? Let us delve a little deeper.
What are biometrics?
Biometrics literally translates from Greek to “measuring life” and the International Organisation for Standardisation has defined biometrics as “The automated recognition of individuals based on their biological and behavioural characteristics.”
To break it down, biometrics are any metrics related to human features, for example, some of the most common biometrics used today are the iPhone’s fingerprint and facial recognition technology.
Biometrics are about identity and the technology encompasses all the ways we can use physical and behavioural traits to identify a person. Biometric analysis itself isn’t new but the technology is emerging and as it advances so do the ways we can use it.
How does biometric software work?
You will most likely have used biometrics in everyday life and not even realised it. If you have ever used your fingerprint to unlock a device, then you will have a vague idea as to how it works.
Biometric information is recorded, in this case the information is your fingerprint, the information is then stored to be accessed later for comparison with the “live” information.
Fingerprints are just one example of biometrics; eye scanning is one of the most recently developed forms of biometric technology. In this case, the iris is scanned, and the unique information is recorded.
A biometric system consists of three different components:
The sensor records the information, the computer stores this information and the software connects the computer hardware to the sensor.
Biometric authentication and biometric identification are not only an extremely secure way to log in to your devices, but it also removes the hassle of remembering multiple account passwords.
Biometrics aren’t just useful for commercial users; law enforcement can also use the technology to catch criminals.
How is biometric software used?
So, now we know how it works, let’s find out how it’s used:
This is one of the most powerful uses of biometrics, one that is used daily by millions of people all over the world when unlocking a phone or tablet. This is an incredible use of biometrics but it doesn’t come without its vulnerabilities. Biometrics researchers have shown that it’s possible to extract and duplicate a person’s fingerprint using a high-resolution image and hackers have also been able to lift fingerprint residue from a device to create an artificial fingerprint, bypassing the login security.
Then the technology advanced and it became possible to ‘map’ someone’s facial features and compare them to a live image for authentication. This has been used for years at border control and in police investigations but is now being used on mobile devices where Face ID technology allows the user to log in to the phone with their face, as well as authenticate on-device and in-app purchases.
A person’s retina contains unique blood vessel patterns, which makes for the perfect biometric data. A retina scan measures the unique patterns on a person’s retina and is the second most reliable and precise biometric after DNA. This has been trialled in some high-security access circumstances such as banks, which has revealed a few issues with this method of security access. Retina scanning equipment is very expensive and requires close proximity to the user’s eye. The accuracy of this can also sometimes be affected by diabetes, glaucoma or astigmatism.
This form of biometrics is mostly used by law enforcement as a way of establishing a person’s unique identity but has been extended to medicine and genealogy. It’s a way of linking people together as members of the same family, tracking the origins of ancestors and estimating the risk of certain diseases. DNA has been found to be the most accurate method of biometrics but it’s still not 100%. Results can easily be skewed if test samples are not correctly collected and the analysis process can be so complex that it is far from a commodity technology. So, let’s not get our hopes up for DNA-locks on our smartphones any time soon.
Voice recognition isn’t as commonly used as the methods mentioned above. Still, it has the potential of being a useful tool for supporting authentication as each voice has certain unique qualities. It could also be one of the most secure, as voice tone, depth, speed, and patterns are very difficult to mimic. Barclays Wealth was the first financial institution to launch voice recognition as part of its authentication process for incoming customer calls, and it is now rolled out as an option for biometric identification.
The legal quagmires of biometrics
Whilst it’s great that we are seeing more and more technology solutions becoming available for tracking and recording biometric information, we are also becoming very vulnerable to things like identity exposure, identity theft and involuntary information sharing. In most circumstances these methods are a way of heightening security and it may seem like a great safety measure to add retina scanners to certain office locations, however, it opens a whole new horizon of data security considerations.