Definition

biometrics

Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics. The technology is mainly used for identification and access control or for identifying individuals who are under surveillance. The basic premise of biometric authentication is that every person can be accurately identified by their intrinsic physical or behavioral traits. The term biometrics is derived from the Greek words bio, meaning life, and metric, meaning to measure.

How biometrics works

Authentication by biometric verification is becoming increasingly common in corporate and public security systems, consumer electronics and point-of-sale (POS) applications. In addition to security, the driving force behind biometric verification has been convenience, as there are no passwords to remember or security tokens to carry. Some biometric methods, such as measuring a person's gait, can operate with no direct contact with the person being authenticated.

Components of biometric devices include the following:

  • a reader or scanning device to record the biometric factor being authenticated;
  • software to convert the scanned biometric data into a standardized digital format and to compare match points of the observed data with stored data; and
  • a database to securely store biometric data for comparison.

Biometric data may be held in a centralized database, although modern biometric implementations often depend instead on gathering biometric data locally and then cryptographically hashing it so that authentication or identification can be accomplished without direct access to the biometric data itself.

Types of biometrics

The two main types of biometric identifiers are either physiological characteristics or behavioral characteristics.

Physiological identifiers relate to the composition of the user being authenticated and include the following:

types of biometric authentication
These are some examples of different types of biometric authentication.

Behavioral identifiers include the unique ways in which individuals act, including recognition of typing patterns, walking gait and other gestures. Some of these behavioral identifiers can be used to provide continuous authentication instead of a single one-off authentication check.

Biometric data can be used to access information on a device like a smartphone, but there are also other ways biometrics can be used. For example, biometric information can be held on a smart card, where a recognition system will read an individual's biometric information, while comparing that against the biometric information on the smart card.

Advantages and disadvantages of biometrics

The use of biometrics has plenty of advantages and disadvantages regarding its use, security and other related functions. Biometrics are beneficial because they are:

  • hard to fake or steal, unlike passwords;
  • easy and convenient to use;
  • generally, the same over the course of a user's life;
  • nontransferable; and
  • efficient because templates take up less storage.

Disadvantages, however, include the following:

  • It is costly to get a biometric system up and running.
  • If the system fails to capture all of the biometric data, it can lead to failure in identifying a user.
  • Databases holding biometric data can still be hacked.
  • Errors such as false rejects and false accepts can still happen.
  • If a user gets injured, then a biometric authentication system may not work -- for example, if a user burns their hand, then a fingerprint scanner may not be able to identify them.

Examples of biometrics in use

Aside from biometrics being in many smartphones in use today, biometrics are used in many different fields. As an example, biometrics are used in the following fields and organizations:

  • Law enforcement. It is used in systems for criminal IDs, such as fingerprint or palm print authentication systems.
  • The United States Department of Homeland Security. It is used in Border Patrol branches for numerous detection, vetting and credentialing processes -- for example, with systems for electronic passports, which store fingerprint data, or in facial recognition systems.
  • Healthcare. It is used in systems such as national identity cards for ID and health insurance programs, which may use fingerprints for identification.
  • Airport security. This field sometimes uses biometrics such as iris recognition.

However, not all organizations and programs will opt in to using biometrics. As an example, some justice systems will not use biometrics so they can avoid any possible error that may occur.

Security and privacy issues of biometrics

Biometric identifiers depend on the uniqueness of the factor being considered. For example, fingerprints are generally considered to be highly unique to each person. Fingerprint recognition, especially as implemented in Apple's Touch ID for previous iPhones, was the first widely used mass-market application of a biometric authentication factor.

Other biometric factors include retina, iris recognition, vein and voice scans. However, they have not been adopted widely so far, in some part, because there is less confidence in the uniqueness of the identifiers or because the factors are easier to spoof and use for malicious reasons, like identity theft.

Stability of the biometric factor can also be important to acceptance of the factor. Fingerprints do not change over a lifetime, while facial appearance can change drastically with age, illness or other factors.

The most significant privacy issue of using biometrics is that physical attributes, like fingerprints and retinal blood vessel patterns, are generally static and cannot be modified. This is distinct from nonbiometric factors, like passwords (something one knows) and tokens (something one has), which can be replaced if they are breached or otherwise compromised. A demonstration of this difficulty was the over 20 million individuals whose fingerprints were compromised in the 2014 U.S. Office of Personnel Management (OPM) data breach.

The increasing ubiquity of high-quality cameras, microphones and fingerprint readers in many of today's mobile devices means biometrics will continue to become a more common method for authenticating users, particularly as Fast ID Online (FIDO) has specified new standards for authentication with biometrics that support two-factor authentication (2FA) with biometric factors.

While the quality of biometric readers continues to improve, they can still produce false negatives, when an authorized user is not recognized or authenticated, and false positives, when an unauthorized user is recognized and authenticated.

Biometric vulnerabilities

While high-quality cameras and other sensors help enable the use of biometrics, they can also enable attackers. Because people do not shield their faces, ears, hands, voice or gait, attacks are possible simply by capturing biometric data from people without their consent or knowledge.

An early attack on fingerprint biometric authentication was called the gummy bear hack, and it dates back to 2002 when Japanese researchers, using a gelatin-based confection, showed that an attacker could lift a latent fingerprint from a glossy surface; the capacitance of gelatin is similar to that of a human finger, so fingerprint scanners designed to detect capacitance would be fooled by the gelatin transfer.

Determined attackers can also defeat other biometric factors. In 2015, Jan Krissler, also known as Starbug, a Chaos Computer Club biometrics researcher, demonstrated a method for extracting enough data from a high-resolution photograph to defeat iris scanning authentication. In 2017, Krissler reported defeating the iris scanner authentication scheme used by the Samsung Galaxy S8 smartphone. Krissler had previously recreated a user's thumbprint from a high-resolution image to demonstrate that Apple's Touch ID fingerprinting authentication scheme was also vulnerable.

After Apple released iPhone X, it took researchers just two weeks to bypass Apple's Face ID facial recognition using a 3D-printed mask; Face ID can also be defeated by individuals related to the authenticated user, including children or siblings.

This was last updated in August 2020

Continue Reading About biometrics

Dig Deeper on Biometric technology

Join the conversation

16 comments

Send me notifications when other members comment.

Please create a username to comment.

Do biometrics mean that the police will be given your details?
Cancel
They will have access to facial recognition and who knows what else. I wish all of us GODSPEED even to those who will be ignorant to the fact.
Cancel
Do you think biometrics will be the primary approach for authenticating people to prevent identity theft?
Cancel
Not the primary approach. But yes it is the best way to authenticate someone's identity. Because no two person can have the 100% similarity.
Cancel
yes
Cancel
It makes you wonder. You see how people bypass these all the time in movies and TV shows. Is this for real or just Hollywood? I have seen people get around fingerprint scanners with little effort. Getting around facial recognition might work the same way. Then again if you had and accident and you were disfigured, would your Bio-metrics fail and lock you out of your own device or system? A combination may be the best bet. After all for the average user, nobody will go through that muck work to get around the bio-metric safeguards.
Cancel
Bugs and Chips are physical evidence that this modern invisible Biometric mark is scientifically done are many citizens without their consent, this form of high profile surveillance; a co-op industry conducting the soul the mind the creativity experimentation or research are extremely uncomfortable has side effects, these individuals deserves some type of compensation. This is why government officials in security say they can predict behavior modes, where a person will go will do will say, when I think about it, I feel violated in the worst way.
Cancel
Hello,
Personally, I have no problem with the face recognition or the thumbprint, etc. As long as there is never a "chip" system forced. To some it may not seem different but it is. I even think there should be a voice recognition, especially for women who live alone. All these systems are good because a person has a choice as to whether they will use the devices. But when it comes to a "chip" well, think about it...
Cancel
It's not quite 100% that we can realize on Biometrics because as I saw in some research Biometrics maybe not working well if people using such as mask or some substance to hide their identification. But I'm not quite sure if Biometrics technology would get over all what I have mentioned.
Cancel

Trying to work out the height of Isambard Kingdom Brunel's famous top hat by using the distance between his eyes and then estimate - on the same picture of him what the measurement would be?

Cancel
Biometrics refers to processes that are used to recognize, identify and authenticate people based on their physical or behavioral characteristics. They match an individual’s identifiers to their biometric template already stored in the database. Biometrics technologies are employed across schools, colleges, and corporate and government offices as they are reliable, accurate and difficult to forge.
Cancel
what is the future of biomatric or what were new advancment in biomatric?????
Cancel
Facebook is experimenting with using video for facial recognition to keep out bots. 
Cancel
If Facebook is going to start using facial recognition, how will that work for users with desktops with no camera? If they make exceptions for these type of devices, then the bots will just migrate to that type of device and it defeats the purpose. 

Cancel

I would like to know if biometric clocking machine has any heath hazard implications, specifically the finger print machine. Some people believe it may release some radiation / radio waves or something like that. is that a fact or a myth?

Regards Ryan

Cancel
Ryan, this is a good question to ask our community members at IT Knowledge Exchange. https://itknowledgeexchange.techtarget.com/itanswers/  As far as I know, the recent buzz that there's a correlation between finger scanners on time clocks and skin cancer is simply not true.  
Cancel

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close