Biometrics are the future
Although it may be true that biometric authentication is what we will use in the near future, it is not a sustainable method of authentication. Biometrics at a glance seem like the solution to the password problem. We never forget our fingerprint or lose our iris, and it may be true that there are very few faces the same as ours, however there are a few huge drawbacks in biometric authentication that I believe will end their use in the near future. Just because they are easy to use and convenient does not mean that they are a good idea.
The biggest problem with biometric authentication is that you cannot reset your fingerprint if it gets stolen the way you can reset a password. This is a huge issue when it comes to the iPhone's fingerprint reader. According to Apple, it is impossible to hack the part of the phone that contains the fingerprint data, however history shows that anything "unhackable" today will be vulnerable in the not so distant future. Encryption is constantly getting better, only because decryption and brute force cracking tools are getting better. Once fingerprints are hacked, it is only a metter of time before they are made public in a data dump similar to the ones we see today with usernames and passwords for accounts. Even if we are decades away from a security breach, we cannot afford the risk of this data becoming public. Many people already have their fingerprints and some have other identifying biometrics in government databases already. This means that lots of people already have the ability to access your device and confidential data if they want to.
Next, there is the problem of existing vulnerabilities. The Samsung phone that can be unlocked with an iris scan has already been easily "hacked". Using a sharp photo of someones eye manipulated with inexpensive technology with a contact lens placed over the print out to give depth can access the phone on the first try. Fingerprints can be found on items, scanned, and re-created. Once the print data, or iris data is leaked, all of your data, devices, and accounts are vulnerable, because unlike passwords or codes which can be unique for each site or device a you cannot use a different face or fingerprint for each one.
Lastly, there is the extreme case in which our fingers might be cut off to unlock our phones. Really not as far fetched as it sounds.
Be sure to UPVOTE if you liked this post, and FOLLOW for more!
--Aaron
I couldn't agree with this post more! It seems the more security measures are implemented into our devices the less secure we actually become and the farther hackers will go to access our data. Not to mention what this could mean for future identity theft.
Nice post. I can agree with your post but only to some extent. It's true that our biometric traits are generally immutable, and having them stolen would imply a security breach in our phones, etc. However, in the case of the fingerprint attack, for instance, it is necessary to create an artificial artifact that contains the stolen fingerprint (with a 3d printer, for example) and then have access to the phone. If the phone has been stolen, the victim may disable it remotely in the meantime if it has crucial data. Otherwise, if it belongs to a common user, it is worth examining whether it really pays off to perform this attack.
Other scenarios may be more relevant (e.g., building access), but they are usually surveilled. All in all, my point is that when the threat is high, there are (or there should be) complementary security measures to stop the attacker.