The identification by physical characteristics of the user using biometric technologies (whether fingerprint, iris, facial recognition or voice recognition) has given rise to an expanding business sector. Thus, the global biometrics market has a compound annual growth rate (CAGR) of 22.9% and is estimated to generate $70 billion in revenue between 2016 and 2025, according to a report by the European Commission.
Among biometric identification methods, fingerprint access is the most widely used. It is an inexpensive, easy-to-use system with fairly good reliability, although it is not 100%, and this is making it more and more widespread.
In fact, according to a Yóle Development report analysing the biometric sensor market, 91% of the sector’s revenue in 2016 came from fingerprint-related technologies. It is also the best accepted among users, according to a 2019 survey of U.S. consumers, who stated that three-quarters of them were satisfied with fingerprint authentication. Among its limitations is the fact that if the hand is a little damp it no longer works well.
On the other hand, facial recognition has been gaining weight in the sector. Apple currently bases the authentication of its telephones on it and it has also been implemented in access to Windows. It is even applied in face-to-face environments, such as the pilot tests carried out on buses in Madrid and at airports such as Barajas. In fact, by the end of 2021, 71% of airports are expected to incorporate these technologies. It is safer to use facial recognition in controlled environments, such as a bus or a restaurant, since it can be verified that at that moment the identity of another person is not being supplanted”.
In fact, cybersecurity experts see biometrics as a very useful identification technology as a complement to current methods based on passwords, because it still has important security and privacy challenges.
Many security systems, such as those of banks, ask you for two factors, such as the password and a code you have received. Currently, the password is being replaced by biometric factors in many cases, because it is more comfortable for the user. In this way, users avoid the phenomenon known as “password fatigue”.
According to experts, the main security and privacy challenges of biometrics are as follows:
- Biometrics is not an unequivocal system. Unlike password identification, there can be dubious cases: by creating a pattern of a fingerprint or the features of a face, the captured image may largely coincide with them, but not be entirely identical. In these cases you have to set a threshold and whether you are very strict in the level of coincidence or not, you can generate problems. The system can rule out people who should be validated but if you are not very strict, you can validate unauthorized people. In addition, there may be people with very similar physical traits.
- Biometric data are more exposed. The features of our face are easy to know, as we move through public space and share our photographs in digital spaces. Even the fingerprint could be obtained from images, as the Chaos Computer hackers did in 2013 when they created a copy of the fingerprint of Ursula von der Leyen, Germany’s defence minister. Obtaining the image is relatively simple, but turning it into a 3D mold that works on the sensor is no longer so simple.
- Identifying physical features cannot be changed. Our fingerprint or iris have permanent characteristics, which we cannot change. This is a problem if someone gets our biometric data to make fraudulent use of them, since, unlike the password, if an attacker can get them, then we can’t modify them. The systems should provide the option that we can revoke, for example, a fingerprint, so that if there has been a security problem we can activate the system with the image of another finger.
- The use of biometric data can generate privacy problems due to traceability. If you extend the use of biometric data and, for example, use your fingerprint in many environments, a person with the template of this fingerprint could make queries in various databases where it has been registered and know where we have been. However, so that we could trace the movements, it would be necessary, in addition to biometric data, that other databases were accessible to all and only ask for this authentication factor, says Serra, who believes that cameras that record images on the street or GPS connection of mobile phones are a much more direct way of recording our movements.
Therefore, despite the exponential increase in the use of these technologies to authenticate users in digital environments, to ensure total security and preserve user privacy, the use of biometric technologies in the identification and validation of people in digital environments must be researched more and better. The simultaneous use of more than one authentication factor is the best way to ensure our security. In many systems that only ask for one authentication factor, the user can activate another, such as receiving a validation code on the phone.