Defining biometric data and its influence on our lives

Anton P. | February 4, 2021

Biometric data refers to distinctive physical characteristics central in identifying or authenticating humans. Over the years, we saw a global interest in biometrics and its riveting potential. Thus, our physical features became pieces of information we use to access buildings, confirm transactions, or unlock smartphones. Experts highlight its value as physical characteristics are difficult to fake. However, it can also feel overwhelming as more technologies capture biometrics without our consent.

What is biometric data?

Biometric data (or biometrics) refers to body measurements and statistical analysis of our physical features. It typically identifies physiological characteristics such as faces, fingerprints, irises, DNA, ears, hands, etc. Biometrics has revolutionized authentication processes, and its day-to-day applications continue to expand. Services now recognize us via the physical attributes we provide and obviate the common pitfalls of password-based authentication.

Thus, biometric authentication has the purpose of verifying that people are who they claim to be. For instance, you confirm your recent bank transaction by holding your fingertip on your smartphone’s built-in scanner. However, biometric identification represents a more dangerous territory. In this case, the goal is not to verify that Susan is Susan through her fingerprint. Biometric identification means that an entity attempts to find out who you are through biometric data.

Such technology has an alarming potential to be incredibly invasive to our lives offline. In 2019, reports surfaced about SearchFace, a technology allowing Vkontakte (VK) users to find accounts through facial recognition. All it took was to upload an image, and SearchFace would recognize faces and link them to VK users. A similar potential for privacy invasion happens on Yandex. The search engine uses facial recognition on its image search, capable of recognizing and detecting faces. Thus, Yandex presents results of similar faces, not images as opposed to Google.

Additionally, digital privacy advocates question whether massive biometrics databases are worth the cost. Governments claim that such data cross-referencing improves border security, employee verification, and criminal investigations. However, it also simultaneously gives governments the chance to surveil people non-stop. In New York, privacy advocates have united to stop facial recognition as a mass surveillance tool. However, the potentially intrusive use of biometric data has already reached the private sector. Companies scan shoppers’ faces to combat shoplifters and other criminals. In 2021, Spotify announced plans to suggest songs according to users’ voices, or, more specifically, their emotional state. Besides being unnecessarily intrusive, Spotify illustrates how companies can use biometric data in their business models.

The security of biometric data

Biometric data replaces traditional variables such as passwords, PINs, or smart cards used to enter restricted areas. For some, it might seem like a foolproof alternative. After all, your biological traits are difficult, if not impossible, to replicate. However, experts have proven these beliefs wrong on numerous occasions with as little as glasses and some tape. In other cases, specialists were able to circumvent face ID authentication with 3D models, crafted according to pictures of the target.

Even high-quality images of people’s hands can help hackers replicate victims’ fingerprints. One of the notorious incidents involved the defense minister Ursula von der Leyen. A hacker replicated her fingerprints from images taken during her speech. However, perpetrators can retrieve fingerprints from any object a person touches. Thus, replicating biometric is easier than one can assume. It might not require a laboratory or a highly tech-savvy expert.

Furthermore, while you can change passwords on-demand, biometric data is permanent. A biometric data breach is much more challenging to mitigate, as exposed details remain vulnerable indefinitely. Thus, biometrics is relatively accurate and secure as a standalone option. However, it all comes down to whether services storing this data are capable of fending off intruders. As a practical solution, experts recommend two-factor or multi-factor authentication.

Types of biometric identification

Based on physiological attributes

Facial recognition

This biometric identification method relies on mapping out your facial features into landmarks or nodal points. Thus, it converts the supplied images into data, representing the unique structure of your face. The generated template is then compared to any other incoming photos. The recognition can also be more seamless, as some systems perform real-time scans to look for matches.

Fingerprint recognition

It is one of the oldest techniques capturing the unique curves, loops, and whorls of a fingerprint. It requires a fingerprint scanner, which nowadays comes pre-built into many devices. The final ridges’ pattern serves as a reference point in granting or denying access.

Iris recognition

This biometric data refers to a highly-detailed analysis of a person’s iris using visible and near-infrared light. By illuminating the iris, the technology detects eye patterns and converts them into a binary template. Iris recognition is not as mainstream as fingerprinting or facial recognition. However, law enforcement agencies, medical facilities, and corporations explore its value to reinforce security.

Based on behavioral attributes

Voice recognition

This type of behavioral biometric data means that your voice proves your identity. It recognizes your vocal patterns such as nasal tone, fundamental frequency, cadence, and inflection. Thus, it can identify a specific person’s voice and perform access control. The seamless recognition of unique vocal markers is available in many digital assistants. However, voice recognition has its limitations and pitfalls. Deepfake voice algorithms can replicate your voice from snippets as brief as five-second recordings. Thus, it still falls behind other biometric data, and companies need powerful voiceprint detection mechanisms.

Signature recognition

This biometric data refers to the authentication of users in regards to the way they produce signatures. The technology samples the applied pressure, stroke order, direction, inclination, and speed. Thus, it checks whether a user produces a signature in the same pre-recorded manner. This form of signature recognition is dynamic, as opposed to static. The latter only requires individuals to write their signature on paper and capture it digitally with a camera or scanner.

Keystroke recognition

Keystroke dynamics are means for authenticating users according to their typing rhythm and timing. Such biometric data holds references on typing speed: when you press each key or pause. Experts label this identification form as the least intrusive but highlight its limits as well. For one, cramped muscles or sweaty hands can change the way a person types. Thus, it is optimal to implement keystroke recognition as a supplement to other types. As a standalone option, it is potentially the least secure option.

How do you use biometric data for authentication?

Cutting-edge recognition systems typically work on two data sets. The first one refers to the data submitted as a reference point and stored in databases. It becomes the template that systems will compare to characteristics captured in the future.

On smartphones, the performed authentication is local. Such device-based mechanisms prevent software or external systems from retrieving raw biometric data. Let’s say you use fingerprint recognition to confirm financial transactions. During this process, your banking app requests you to scan your fingertip. However, your device checks the submitted fingerprint with the ones you have set via your smartphone settings. Thus, your banking app simply receives the message whether the security module has found a match.

Undoubtedly, biometric data presents us with authentication that is highly accurate, relatively safe, and convenient. Thanks to this balance, people might eagerly turn to these alternatives, dropping passwords along the way.

You might already scan your face every time you want to unlock your phone. At your job, your fingerprint could be the requirement to enter the premises. There seem to be endless possibilities for biometrics to take the central stage in user authentication and identification. With the remarkable potential biometric data brings, it is essential to note that it can do more harm than good.

How to secure biometric data?

Overall, biometric data has the potential to overtake the traditional authentication and identification techniques. The new technologies verify and identify users’ identities and can be seen making their big break in the private sector. In the future, your iris, face, or fingerprint could replace driving licenses, passports, or social security numbers. All it will take to authenticate or identify is the physical features you own. However, before such integration in the human ecosystem can occur, additional precautions are necessary.

  • Encryption of biometrics. One way to make biometric data more secure is its encryption. Over the years, experts have experimented with such technology. In essence, it allows binding biometrics to digital keys, stored instead of raw biometric data. Thus, it would prevent unauthorized access as perpetrators could only retrieve the encrypted versions.
  • More laws against biometric data collection. Governments still struggle to oversee the use of biometrics. Currently, the policies for it are problematic, and privacy advocates require stricter laws to supervise it. People have the right to know precisely how providers store and use biometrics. However, the current usage of biometric technologies reveals that entities subject users to scanning without consent.
  • Multi-factor authentication. Experts emphasize that it is best to pair biometric data with other authentication methods. Hence, you should still use passwords, but add biometric verification as a supplement. Such techniques are more resistant to hacks since hackers would need to retrieve two variables. After all, our physical attributes are not private. We reveal them through posts on social media. Additionally, anyone with physical access to us can retrieve it rather effortlessly. Thus, while biometrics will continue to gain traction, treat every new technology with a grain of salt.
Anton P.

Anton P.

Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background of technical content writing.

Tags:

facial recognitionvoice recognition2fa