Problems with Biometric Login Systems

Justin Bess :: June 5, 2018

My retina is my password, so I’m secure

There are many problems with biometric login systems, but it only takes one major issue to keep them from being useful. The major issue with biometric systems is that they use a part of your identity that cannot be changed for authentication. This part of your identity should be unchanging and unique to you. This isn’t very problematic in itself, until you understand that inevitably, these biometric logins will be hacked. There is nothing superficial about biometric systems; they can be targeted for attacks just like standard passwords are today. The problem is that these biometric passwords could be less secure, as they are limited in the amount of data being passed, and they are non-changing. If someone steals your thumbprint, you can never change your print. This means your attacker would have continued access to your account. Maybe you change your password to your pinky… Eventually, though, you’ll run out of biometric parts. This is a bad design for authentication.

To prove how easily someone could bypass a biometric authentication system, Jan Krissler demonstrated it by simply using photos! Read this article for more information. Biometric parts are also bad in general, as most of your biometric parts are publicly visible. People can take photos of your prints, your eyes, etc., and you might not even know it. They could then use these photos to bypass an authentication system.

To keep it simple, biometric systems are a horrible idea as the gateway for login systems. They are, however, perfectly adequate for secondary authentication. They still aren’t perfect, because I feel like this type of authentication could easily be fooled, but at least it’s not the only form of defense. A lot of services today are making use of dual authentication, whether it be a text to a phone or an e-mail containing a key. We can factor in biometric authentication here, and it’s suitable. Just make sure you never use biometrics alone for authentication. Otherwise, old ’90s mobsters are going to cut your finger off to log in to your Facebook.