Is Biometrics More Secure than Text Passwords?
Debesh Choudhury, PhD
Information Security Researcher, Academician, Entrepreneur | Password & Cybersecurity, Digital Identity, Biometrics Limit, 3D Education | Linux Trainer | Writer | Podcast Host
It is remarkable that biometrics can bring the identity within the physical body of a human being. That is the reason biometrics is being projected to be a password. Biometrics based digital identity promises convenience. But what about the security? Is biometrics more secure than text passwords? What is the problem with text passwords? Should biometrics be accepted as the only password for security? Many questions surface.
Biometrics is a convenience of bringing your own password
The proponents of biometrics point to the physical identity with every human. They highlight the convenience by which one can utilize their human person as a signature for identification and authentication. They also place liveness test as a way to secure the authenticity of the person beholding the biometrics.
Biometrics technology may have inherent problems and limitations
Biometrics is not hundred percent reliable. A fallback system is necessary in case biometrics recognition fails. Biometric data once hacked can create lifelong problems, because one can't reset his/her biometrics. The spoofing technology has been making alarming progress, some of which can also bypass / fool the biometrics liveness test.
Can we explain how biometrics is more secure as a password?
The proponents often forget to explain why biometrics can be more secure than text passwords. Moreover biometrics without a fallback system can create severe problems. The hype of biometrics-only passwords may create even more problems. It may result in a catastrophe in the FinTech sector which are the most targeted users of biometrics.
Will biometrics convenience come over security of data assets?
As a biometrics researcher, I can't help raising some questions. How to combat the modern technologies for biometrics spoofing? Will it be right to go for biometrics-only password security? Is the world rushing for making biometrics as the default / mandatory password security system?
Should biometrics be used as passwords?
Biometrics is being forcefully discussed in security conferences as a signature for personal identification and authentication. The hype is so much that the future of password security is inclined to gamble with biometrics as the only password system. Do you think that biometrics would be a better choice as a signature to be used as physical passwords over text passwords to identify and authenticate humans?
I would love to get your views and suggestions. If you like this article, please click "Like" or any other LinkedIn "reactions", and "Share" it among your acquaintances and network.
----------------------------------------
Join me on Twitter, Medium, Facebook, beBee, Steemit and LinkedIn
More of my articles on Digital Identity, Biometrics and allied topics:
- Self-Sovereign Identity Depends on National Policies
- The Password Hole in the Cyber Bag
- Identity Dilemmas: Biometrics, Texts or Something Else
- Brand Identity, Digital Identity and Crypto Aspirations
- Digital Identity, Assets and Governance
- Decentralized Digital Identity: Which Distributed Ledger is Most Viable?
- Decentralized Biometrics: Is It the Ultimate Solution?
- Biometric Data Protection is a Big Challenge
- Reset Biometric Traits?
- Spoofing Biometrics isn't Impossible
- Privacy protection could have saved Aadhaar data breach
- Data Protection is a Big Challenge
For more articles, stories, and insights follow #DebeshChoudhury
* * * * * * * * * * * * * * * * * * * * * *
I am a researcher and academician of electronics and applied photonics. My current research focuses on Privacy Protected Digital Identity. My friend Jose Munoz Mata and I are researching distributed ledger technology for decentralized digital identity and other real world applications.
In June 2015, Dr. Jeffrey Strickland and I founded a new LinkedIn Group called "The Unfluencers". To learn about the history of "The Unfluencers" please read the seminal LinkedIn article by Dr. Jeffrey Strickland entitled -- "Who are the Unfluencers". This group is an open group. You are welcome to join this group and engage yourself in the discussions. The Unfluencer?? Logo is a registered trademark of Dr. Jeffrey Strickland.
Text Copyright ? 2019 Debesh Choudhury— All Rights Reserved
#passwordsecurity #digitalidentity #biometrics #dataprivacy #datasecurity #informationsecurity #technology #innovation #infosensys #dazlabsasia #learningtimes #debeshchoudhury #josemunozmata
Founder
5 年I believe the answer to the question depends heavily on how secure your text password is! We know that a lot of people use insecure password such as 123456 or "password". In these cases, perhaps biometrics can be more effective. Anyway, I got the feeling that biometrics is for lazy people, and traditional text password is for those who doesn't trust new technologies!
Advocate of Identity Assurance by Citizens' Volition and Memory. Founder and Chief Architect at Mnemonic Identity Solutions Limited
5 年It is not feasible to compare a biometrics on its own, which is probabilistic, with a password on its own, which is deterministic. And, in reality, how can we select the test samples to compare from numerous combinations, say, between the two extremes of the securest password vs the least accurate biometrics and the poorest password vs the most accurate biometrics? However, it is just easy and simple to compare (1) a password with (2) a biometrics with the same password as a fallback measure against false rejection/non-match of the biometrics. Logic leads us to conclude that (2) is inevitably weaker than (1) as outlined in this video - https://youtu.be/wuhB5vxKYlg? This conclusion is valid however accurate or inaccurate the biometrics may be and however strong or weak the password may be. Incidentally, we need to be very careful about what security professionals tell us about biometrics. Many of them are ignorant of or indifferent to the opposite security effects of two authenticators used in 'multi-layer' and 'multi-entrance' deployments - https://www.dhirubhai.net/pulse/quantitative-examination-multiple-authenticator-hitoshi-kokumai/
P.R. Polymath* Public Relations Parrotsec
5 年Who manipulates the manipulators ? Hall of mirrors
X-Ray(Metaphor) | Music Composition | Design & Build Software , Electronic Devices & Mobile Apps by combining & riveting together multidisciplinary technologies and multitude of ideas | Psychology | Philosophy
5 年No,Biometric is not more secure than text password.Highly influential people and vested interests are fooling people.