10 Sins of Biometrics and How to Avoid Them

Biometrics have been used for decades now in everything from video game controllers to smartphones and even wallets. These technologies literally enable people to identify themselves with a touch, grip, or pattern of blinking like a gatech wing zone. However, recent events raise the question of how safe biometric devices really are.

This blog post provides tips on how to avoid the top 10 sins of biometrics that were most recently discovered in a report by British security experts called “The Sins of Biometrics.” In addition, it also outlines some more practical ways you can decrease your chances of being hacked or having to fight off an attacker at an airport checkpoint.

1. Waive Privacy Laws

Biometric devices, when used to identify government employees and other organizations that are bound by laws such as HIPAA and FERPA, can be vulnerable to criminals who hack into the system to steal or modify biometric data. Furthermore, others may get hold of the biometric information of employees through phishing attacks and/or social engineering. For example, a trusted insider might take a fingerprint from a co-worker with the intent of using it later for their own purposes.

2. Forget the Password

The weakest link in any security system is the one where the password comes from. There are easily a million combinations of biometric information to choose from, which makes it highly likely that attackers have already tried them all. Therefore, it’s wise to use something you’re familiar with on a daily basis for your biometric device—for example, using your thumbprint or facial portrait as your password.

3. Don’t Use Sensitive Information

Most biometric devices are designed to detect and store various types of data within their respective databases—such as fingerprints and facial scans—in what’s known as a “biometric hash. These hashes can then be compared with other biometric hashes in an algorithm in order to determine the person’s identity. Therefore, it’s best not to use any biometric information that happens to be sensitive—such as a fingerprint that contains your Social Security Number or other government-issued information. You may also want to avoid using certain passwords or PINs on your devices, which might contain any of the above sensitive information.

4. Don’t Share

The greatest threats to our safety and security come from inside our own organizations, which is why it’s so important not to share information with other employees within the same department. When this is done inadvertently, you’re virtually asking for a breach. Furthermore, it’s entirely possible that your biometric device may be hacked by a malicious insider who then stores sensitive information within the biometric database. This could then be used by other malicious users to open up the company’s systems and compromise all of its data.

5. Don’t Use Multiple Devices

Because biometrics are increasingly being used for more than just identification purposes, it’s important that you always use the same device for each application. For example, if your smartphone already has access to all of your corporate data, you’re better off using that device along with your biometric features. This will ensure that the devices are always communicating over a secure connection, thereby making it more difficult for hackers to intercept or modify the data on one device and send it back out.

6. Don’t Use Unnecessary Functions

Biometric devices are capable of many functions beyond simply verifying someone’s identity—for example, they can be used to authenticate identity and authorize payment on things such as federal benefits sites. Therefore, it’s not necessary to use all of these features at once. Instead, make sure that you’re using your biometric device in the most secure way possible.

7. Avoid Limited Lists

Many biometric devices will include a list of people who have access to the database. In some cases, this means that a few thousand people are given access to your information—which is just an invitation for a criminal to hack into the system and steal or modify it. Therefore, limit the number of users you allow on each application or device, especially if it’s an older model with stronger security features.

8. Don’t Change Too Much at Once

It’s best not to change too many things all at once when improving your security measures. For example, if you’re still using older equipment that has been used for the past decade or so, it’s probably a good idea to upgrade to newer systems. However, don’t purchase a new system and then change your passwords and PINs at the same time. Otherwise, you’re more likely to forget what your original information was, which might lead to identity theft.

9. Don’t Rely On Biometrics Alone

Biometric devices are great for providing additional security on top of other security measures; however, they shouldn’t be relied on too much by themselves. For example, if you store your money in a safe at home, use biometrics to open your front door, memorize your PIN numbers for important applications, and instead of using a difficult password for anything else, then you really aren’t putting much of your data at risk.

10. Avoid Fingerprint Fraud on Social Security Numbers

The Social Security number is one of the most valuable pieces of information to hackers when looking for employees’ identities. Therefore, use caution when comparing fingerprints to the database. Make sure you’re using the same finger for verification each time, and never use a fingerprint that contains your Social Security number.

Summary:

Biometric technology is only going to become more widely used in the future. However, it’s important to keep in mind that these systems are extremely vulnerable to attack, which is why they must be used alongside other security measures. For example, if you only use biometric devices to verify who employees are and don’t store any sensitive information within the database itself, you’re less likely to suffer a breach.