Today’s biometric systems are quick and simple, and issues with selecting, remembering and resetting passwords are mitigated.
Biometrics Allow for Better Bank Security and Customer Convenience
There have been significant developments in the biometric industry over the past decade – leading to systems that are an order of magnitude faster, smaller and cheaper than before. Accuracy improvements, including the layering of biometrics, help keep the bad guys out and let the good guys in. Smartphones, with high resolution cameras and ability to read fingerprints, have already made the technologies for biometrics collection ubiquitous.
In financial transactions, biometrics can be used as a substitute for passwords, which are notoriously easy to hack. In an effort to create memorable passwords, customers understandably eschew the onerous suggestions to make them harder to guess or they reuse the same one across many internet platforms.
Today’s biometric systems address these challenges. They are quick and simple — users can authenticate in a fraction of a second. Issues with selecting, remembering and writing down secrets are mitigated. Password reset systems become less necessary — closing a vulnerable backdoor to data breaches. Plus, there is no password to be stolen by looking over someone’s shoulder as it is being entered into, say, an A.T.M. These benefits make for not only a safer system, but also for one that is easier and faster to use.
However, these measures must take into account personal privacy considerations. Given the spate of commercial and government database breaches in recent years, we must assume that biometric databases might be compromised as well. Thus, there should be a fundamental premise in the design of security systems that biometric samples are not secrets. Someone having a picture of my face or an impression of my fingerprint should not be able to automatically compromise a facial recognition or fingerprint system. Databases containing biometrics can be hacked and stolen just like those containing names, addresses and Social Security numbers have been.
In well-designed systems, the mere possession of a biometric sample or template does not guarantee access. Good systems are designed to accept only live samples from an actual person at the time of authentication. This may be combined, for example, with an architecture where templates are fully distributed (e.g., on an individual’s iPhone) or centralized at a hardened, locked down and trusted third party.
But design is key, because a poorly built system without adequate safeguards has the potential of being less secure than traditional usernames and passwords.
Source | NYTimes