We're in the process of considering different biometrics options for access to highly sensitive information. Would you recommend one area of biometric recognition as more secure than others? For example, would facial recognition software offer greater security than a fingerprint scanner or voice recognition software?
When it comes to biometric security technology, almost all the commercial biometric devices have been breached at some point, government devices excluded. Whether digital photos where used to fool facial recognition systems, high-quality MP3 recorders were used to con voice recognition software, or fingerprints were lifted off of coffee cups for use on fingerprint scanners, nary a one was secure against persons seriously attempting to breach the device.
With that said, for each method that breached the biometric device, a lot of effort and resourcefulness was needed. If you're interested in general business office security for an environment that's unlikely to face such concerted efforts by attackers, using biometrics can be a fine option. The choice among types of biometric devices will depend on several factors: cost/benefit (some biometric products can cost as much as $1,000 per user), volume of flow (You wouldn't want to use a facial recognition system in a heavy traffic lobby area; fingerprint scanners would work better.), in-place physical security to limit access, social acceptability and, of course, business need.
With the details above in mind, there is little confidence differentiation between optic, fingerprint and audio biometrics. The larger differentiation will concern costs per user and support, volume of traffic, user acceptance and layout of the physical area to protect. All three offer low levels of false positives and negatives, but even the MythBusters were able to break these devices on nationwide TV.
Dig Deeper on Network Device Management
Related Q&A from Randall Gamby, Contributor
Is your remote desktop access software really secure? Randall Gamby offers advice for conducting a remote access audit to validate security.continue reading
Expert Randall Gamby discusses risk-based authentication, and whether that type of user identification system is right for the enterprise.continue reading
Expert Randall Gamby discusses various types of single sign-on, specifically the approaches of Ping Identity's SSO and Symplified SSO.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.