Posted on August 4, 2016 by staff

Biometrics “less secure than passwords” despite hype


Samsung’s new Galaxy Note 7 phablet will feature an infrared iris scanner – but biometrics are less secure than passwords.

That is the view of Jeremy Bergsman, who advises Fortune 500 chief information security officers on security best practices.

Apple led the way in smartphone biometrics with the iPhone 6’s fingerprint scanner, and Samsung are going full ‘Minority Report’ with the Galaxy Note 7.

“Many technology trend forecasters are speaking about biometrics as the ultimate authentication solution,” CEB practice leader Bergsman told BusinessCloud.

“Although biometrics are a more convenient method of authentication, they are also less secure.

“Biometrics are likely not harder to hack than passwords. After all, they were never designed to be secret.

“We make sure to not tell others our passwords, but it is difficult to imagine us wearing gloves everywhere we go to avoid leaving fingerprints.

“It might be easier to swipe a finger than type in a code, but this convenience can come at the expense of security.”

Banks – the most security-conscious of businesses – have led the way in adopting technologies such as retina scans, fingerprint readers and voice recognition.

However Bergsman sees problems down the line.

“A stolen biometric has potentially greater repercussions for users,” he said.

“A biometric reveals a part of our identity that is immutable and could be used to falsify travel and criminal records, and legal documents.

“While we will continue to see more consumer products using biometrics because of the premium end-users put on convenience, enterprise products will likely opt to ensure the maximum security of their information because of the high potential fallout if that information is stolen.”

CEB said that its data showed less than 25% of firms have deployed biometrics while 43 per cent indicate that they see “low or no value” in the technology.

There are worries that the cyber skills shortage will put firms at increased security risk.