
Smartphone biometrics: Risks and implementation hurdles

Mobile biometric authentication, including that technology on smartphones, has yet to be widely deployed. Expert Michele Chubirka explains why.

Employees are increasingly asking about smartphone biometrics. What are the risks posed by mobile biometrics?


Biometric authentication, aka "something you are," while often seen in movies or TV, still hasn't gained much traction for mainstream security deployments. Sure, you might see iris scanners in secure government installations and data centers, but outside of that, biometrics has been more of a novelty -- a feature included on a laptop that generally never got used. However, biometrics has seen renewed interest with the recent release of the iPhone 5s and iOS 7, in which Apple introduced an integrated fingerprint reader called Touch ID.

Sounds great, right? Why not use smartphone biometrics to authenticate an individual based upon a physical characteristic, something that is guaranteed to be unique to that person? However, even with improvements to biometric technologies, barriers to implementation remain.

One main hurdle has been reliability. Even manual fingerprint analysis has been criticized for containing a level of subjectivity when methods are inappropriately applied. False acceptance rates (FAR) and false rejection rates (FRR) can be high with mass-market biometric fingerprint devices, often due to dirt, oil buildup or scratching on the reader. Then there's the ability to spoof mass-market devices, with photocopied fingerprints or even gummy bears. There are already reports surfacing of unreliability using Touch ID to unlock the iPhone. This could be due to the small size of the sensor, user error or its location on the phone’s home button, potentially making it prone to damage.

Besides the inconvenience to the user due to FRRs and potential breaches of security caused by FARs, Dave Aitel, CEO of security assessment vendor Immunity Inc., believes the greatest barrier to biometrics is the issue of permanent compromise. If your fingerprint becomes "pwned" by an attacker, then it can no longer be trusted, and it's much easier to replace an RSA token than a finger. While it's tempting to use convenient mass-marketed biometric devices like the iPhone's Touch ID, it's probably safer and kinder to your help desk to focus on more dependable devices using a one-time password (OTP).

This was last published in April 2014
