From Naked Capitalism comments:
April 21, 2017 at 7:30 am
I have worked in information systems security for 30 years, and I have advised that biometric authentication is a bad technology approach. At the end of the day, the digital representation of your biometric data is just a digital token every bit as match as the magnetic stripe data on your card. The big difference is that if your biometric data is compromised, you cannot be issued new biology. [emphasis added --tm] Every biometric marker can be collected without you even knowing (referred to as “non-cooperative” collection) with simple technologies. Once someone has your biometric data, they can authenticate or digitally sign as you. Further, the general consensus of the movie-watching public is (incorrectly) that biometrics are the strongest authentication method, making it more difficult to repudiate.
Biometrics are a good technology for identification, but not for authentication. [good as in efficient, not as in ethically sound --tm] These two security concepts are often conflated. Identication is basically just your username used to reference who you are, whereas authentication is the method of confirming that an identity is who you think it is. Biometric identifiers add convenience in performing the identity step, but add nothing in terms of security any more than your username or email address alone would.
April 21, 2017 at 8:41 am
Twenty years in IT, over ten in identity management, have allowed me a ring-side seat to this particular circus. We all really want to believe the PowerPoints, but they’ve all fallen short. Most of the discussion has focused on the physical limitations of particular technologies, like the poor quality resolution of past fingerprint scanners, but never reaches the more important practical weaknesses of any single or even two factor concept like that proposed here. As QuarterBack points out, probably the most dangerous aspect of any biometric auth scheme is that the factor (or factors) used cannot be changed (no reissuing as with a new credit account number or digital certificate). Therefore if stolen the only option for the victim is to be forever barred from using that scheme. [emphasis added --tm] And as QB also points out, fingerprints are one of the easiest biometric factors to acquire, without the owner ever knowing about it.
In sum, there are a lot of approaches better than this from an identity management point of view. [such as? --tm] Unfortunately fingerprint scanner tech already has (totally unjustified) cache[t] with a credulous public, and can make a lot of money for manufacturers, so it’s almost certain to show up in force over and over. Here’s hoping it doesn’t take off.
April 21, 2017 at 10:18 am
Thanks philnc. BTW, for a real life example of the problem of using non-revocable identification factors for authentication, look no further than the history of using social security numbers for this purpose. In the past, “what is your social security number?” was a common method of authenticating. That did not work out so well, because SSN was too easy to acquire. Also, as many (unfortunately) may know, that when your SSN is compromised, it initiates a cascade of subsequent problems. Even then, in extreme circumstances, you can get a new SSN, but good luck with that. I have to say, that it boggles my mind that many organizations (including banks) still use last-4 of SSN for authentication (someone might steal you SSN, but the last-4 is MUCH more secure?).
Another problem with biometrics for identification, is that unchangeable identifier can be used (by anyone with knowledge of it) to track or monitor you forever. If your identity (say a username or account number) is compromised, you could always get another one. I recommend compartmentalizing identifiers in many cases on a system by system basis. Governments will always have some ability to stitch these separate identifiers together, but you don’t want just any grifter or hedge fund player to be able to monitor you.