Well first, biometrics systems can't protect against old-fashioned social engineering. These intruders -- social engineers and other con-types -- lie to gain entry into secured areas by posing as legitimate employees. All they have to do is convince the owner of the biometric key, say the person guarding the gate whose fingerprint opens the door, for example, that they need entry. If that person is compromised (fooled) and activates the biometrics system for his erstwhile intruder buddy, the intruder gets in. And, of course, if the two are deliberately colluding, the outcome is obviously the same.
Biometrics can be excellent, often superb, security systems against technical threats but, like other security systems, they wither against human threats. Besides, the serious crook confronted with a biometrics system will just figure out another back door in and won't bother with trying to crack it. Also, biometrics systems currently aren't as finely tuned to detect errors as non-biometric systems, such as smart cards, tokens, and good old user IDs and passwords. Passwords are passwords. They're either typed correctly, or not. But fingerprints can be smudged or distorted by cuts and burns, therefore faking out fingerprint scanners and blocking legitimate users. Face recognition systems can, at times, allow two different people, who may closely resemble each other, to pass. And some illnesses can change the pattern of veins in the user's retina, defeating retinal scanning systems.
Does this mean biometrics systems just aren't ready for enterprise use and shouldn't be considered at this point? Not at all. They are better for physical security, such as guarding the entrance to data centers, than for application security, such as logging onto a Web site. They just shouldn't be seen as the impenetrable magic wall protecting the castle. Strong as they are, they can still be defeated.
Dig Deeper on Biometric technology
Related Q&A from Joel Dubin
Learn about the purpose of CAPTCHA challenges that enable websites to differentiate bots from authentic users to stop spammers from hijacking forums ... Continue Reading
Proper planning is at the top of the list for single sign-on best practices, but it's important to get enterprise SSO implementations off to a good ... Continue Reading
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.