The Changing Landscape of Mobile BiometricsVeridium Author | October 5, 2017
Advances in Face and Iris Recognition
Since the 1990’s, iris and facial recognition have been used in many fields where secure access to materials or information is important. Now the technology is becoming mainstream through increased adoption in smartphones. The strides that iris and facial recognition have made in recent years is due mostly to advances in infrared technology. Iris recognition, in particular, has been developing over the past few decades as a reliable, secure, and non-invasive identification method.
Your iris has stable and distinctive patterns and features that make it perfect for personal identification. These patterns don’t change over time like your face will. The probability of finding two people with the same iris patterns is negligible compared to other biometric identification methods, so it’s ideal for smartphones and wearable tech, as well as use in border security at airports. Iris recognition works through cameras that use near-infrared light, which helps verify the identity of a person efficiently and accurately.
Facial recognition, on the other hand, has been adopted more readily by many smart device companies, such as Apple, Samsung, and Microsoft. The iPhone X’s Face ID, for example, uses a TrueDepth camera, which projects thousands of infrared dots onto your face. This use of infrared technology creates a 3D map of your face that is more secure and harder to fool than previous versions of facial recognition technology.
The introduction of Face ID to the market is shedding a spotlight on biometrics and security. More organizations and individuals than ever before are beginning to take note and tune in, so it’s important to know how it will affect you.
The Advantages and Disadvantages of Face ID vs. Touch ID
With the introduction of the iPhone X’s Face ID, many security experts have weighed in on the pros and cons compared to Touch ID.
Touch ID was introduced to consumers when Apple launched the iPhone 5s. Touch ID offered consumers with little to no experience with biometrics the opportunity to use the technology first hand and become comfortable with it. Over time, Apple has expanded its use beyond just unlocking the iPhone to enabling security features and authenticating ApplePay transactions, and other manufacturers have adopted the same features.
Fingerprints provide well-defined data, which is universal and reliable, even in adverse conditions. Because of the long-held perception of the uniqueness of your fingerprint, Touch ID was quickly adopted as a security feature. However, Touch ID is a far cry from traditional fingerprint capture.
There are a number of issues with Touch ID. These weaknesses in the technology, while they don’t negate its use as a mobile biometric tool, should raise an eyebrow in those looking to deploy mobile biometrics for more advanced security needs.
Existing mobile fingerprint sensors are, by necessity, very small. If you look at the buttons they’re embedded in, they are a fraction of the size of your actual fingertip. This only allows them to capture a small section of the fingertip. Ultimately, this means the number of points that can be compared for authentication are far fewer than in traditional fingerprints. This makes the biometric less accurate and easier to spoof. In Apple’s iPhone X launch event, they announced that Touch ID had a 1 in 50,000 chance of being spoofed, which while small, is honestly not a great number in terms of security metrics. Think about the city you live in. Even in a small urban area, there could be at least one person who could match your print and unlock your device.
On the other hand, Touch ID has been a fairly reliable method of unlocking and using your mobile phone. It is extremely intuitive and efficient and keeps many consumers from being locked out of their phones after forgetting their PIN. However, since Apple removed the home button entirely, along with the Touch ID sensor, they transitioned towards Face ID.
Is Face ID poised to replace the Touch ID as the better means of biometric security? Maybe not.
The iPhone X’s Face ID relies on its camera to take a 3D picture of your face in order to unlock your device. The camera has several factors that create the facial image, but how does it actually compare in regards to speed, reliability, security, and privacy?
Apple’s Face ID is untested for the most part, so we can’t be certain how accurate and robust the recognition tools will be. At the launch event, the phone didn’t even open on the first try for Craig Federighi.
Some consumers feel like Face ID is less secure and reliable. There are more variables that would interfere with it, such as a smudge on the camera, wearing glasses, ageing, etc. Apple responded by saying that changes in appearance will not affect it and that the system cannot be fooled by photos, videos, or other 2D mediums. However, they later announced that children under 13 and twins shouldn’t use Face ID because of the high probability of false acceptance.
In addition, with Apple’s iPhone X only one face can be used per device – whereas, with Touch ID, multiple fingerprints could be used if one was compromised, or if multiple people used one device. There is also no real evidence to say that Face ID is more secure than Touch ID. Moreover, using Face ID to open your phone is awkward and not as quick as using Touch ID. It is an unintuitive movement to pull your phone out and stare at it until it opens when simply pressing your finger on a touch sensor would unlock and open your phone immediately. Not to mention you can unlock it without looking at your phone, which is useful in a variety of situations. Face ID is a lot less discreet than Touch ID, and petty thieves will be able to easily tell when people are using and unlocking their very valuable new phones on the street.
The shift toward biometrics, especially Face ID, will impact businesses and individuals alike. Some organizations are embracing the change, but many consumers still feel their data won’t be secure and feel that utilizing biometrics may be an invasion of their privacy.
Why are Companies Transitioning to Biometric Authentication for Security?
Companies are exploring alternatives to passwords, PINs, tokens, and fingerprint identification. Certain industries are taking steps for increased security in light of the numerous high-impact breaches over the past few years, especially within the past few months. Apple, Samsung, and Microsoft, along with many banks and retail organizations, have been updating their security measures in favor of biometrics to protect their information.
Companies are made up of people, and as such, those employees are prone to human error. We have trouble remembering passwords, and therefore rely on either very simple ones, or use the same password for all our accounts and devices. This makes your data, as an organization, a sitting duck. The only way to fix this is to rely on better forms of identity authentication, and that means turning to biometric technology.
Biometrics are also simpler and more intuitive to use than long, complex passwords and PINs. This can streamline many processes within an organization, making them much more efficient.
Potential Benefits of Mobile Biometrics for Businesses
Put simply, biometrics are more secure for business. Apple’s foray into improving facial recognition technology will help lead the way for a change in enterprise security. Biometric security could help businesses streamline their security protocols, and save them time and money from lost tokens or reset passwords. Not to mention, enterprise data breaches have increased in number and severity over the past five years. Relying on traditional security methods is no longer cutting it.
The spotlight that Apple is shedding on biometric technology through Face ID will help lead the way towards even more secure forms of biometric authentication in the market. For example, hand and iris recognition both provide significantly more detail and complexity than other forms of biometric authentication. The more complex the biometric, the harder it is to spoof and the more accurately it can authenticate a user. This saves businesses time, money, and the PR nightmare that comes after a data breach.
For companies seeking better security, leave passwords behind and use biometric authentication methods to secure your data. The need for better data security is also not limited to businesses, as consumers will be heavily impacted as well.
What do These Changes Mean for Consumers?
In the age of online data, it is extremely important to keep yourself safe with secure identification methods. Conventional methods of using passwords, PINs, or tokens can be easily hacked. Historically, four out of five data breaches have been due to stolen passwords or misused credentials, so a shift toward biometric security is essential for keeping your data safe. Biometric security is also popular with consumers because it can be very simple to use – it’s your finger, face, or eye – not a 16-digit password with letters, numbers, and special characters.
Since most consumers use their mobile phones and apps for almost all aspects of their lives – from banking to social media and even health records – concerns over security are a top priority. People have good reasons to be concerned. Even as security methods evolve, hackers are too. Fortunately, the advances in biometrics can make your data more secure.
Removing the need for passwords in favor of using your unique physical attributes as identifiers will help secure your data. Using a security system where you are the key. What is a better key to protecting your data and your devices than your one-of-a-kind biological traits?
On the flip-side, consumers should consider what their legal rights are with these new changes. It is much easier for a cop or mugger to hold a phone up to your face or finger and force you to unlock your phone, revealing your sensitive information. Face, fingerprint, and iris recognition aren’t actually protected by your Fifth Amendment rights, so law enforcement can force you to use your face or finger to unlock your devices. While this is not something most consumers will have to worry about, it is creating an interesting legal precedent.
The advancements in biometric security due to infrared technology are changing the game in terms of enterprise and personal data security. However, we need to carefully consider when and how we are deploying biometric security, and what the optimal uses for these technologies can be.