Back in the mid-2000s, biometric authentication came into light as the future of digital security. We all thought that fingerprint records and facial recognition were totally new. Ask any officer at your local police station — the tech industry was beginning to discover the potential of integrating these biometric identity proofing measures. Here is what the future holds for identity verification.
Tech developers rejoiced as they found ways to bring biometrics into reality.
No longer were digital fingerprint scans and photo identification checks restricted to the world of sci-fi. Unfortunately, early biometric technologies came with apparent flaws that made users quick to deem them too good to be true.
Can we stop the methods of hackers with a biometric application?
Things have changed. To keep up with the ever-evolving methods of hackers, developers have made biometric applications more sophisticated than ever before. But how well does biometric identity proofing hold up to other security measures?
Do biometrics truly keep users safe from data breaches? Is there a possibility that biometric security could replace passwords, tickets, or even government-issued identification? Let’s take a closer look at what biometrics has to offer, and what it could have in store.
Biometrics of the Past
When biometric security systems started gaining relevance in the tech market, companies all over the globe began to show interest. Businesses, both large and small, depended mainly on passwords to secure their private networks, as many still do today.
However, a weak or compromised password is all it takes to jeopardize a private digital database. Manufacturers swore by their fingerprint scanners and facial recognition software, claiming that their products were significantly better security measures.
Unfortunately for biometric developers, naysayers were determined to find cracks in this digital armor — and they did. Fingerprint scanners were proven easily dupable. Fraudsters only needed a lifted fingerprint to fool scanners into giving access to the system they guarded.
Facial recognition tools weren’t exactly fail-safe, either. Biometric authentication developers often claimed that their systems had fail-safe measures like eye movement tracking in place to distinguish the difference between a real person and a photograph. In 2009, however, security researcher Duc Nguyen was able to use a picture to bypass login for Lenovo, Asus, and Toshiba computers.
Even in recent years, there have been considerable reports of these very same weaknesses in biometric technology.
Yes, there are weaknesses, though this isn’t to suggest that biometric authentication software hasn’t changed. It has, in several ways. Facial tracking has improved, and most authentication algorithms today can differentiate between a live human face and a photograph.
Identification technology used in today’s smartphones is more straightforward than that of most third-party security platforms.
However, it’s still significantly better than any of the applications available ten years ago. Unfortunately, hacking methods have evolved at the same pace, leaving many smartphone users to face the same risk.
X-Lab, a Chinese digital security team, showcased a technique for bypassing biometric security measures on smartphones in 2019. In only 20 minutes, X-Lab researchers were able to use a specially made app, cheap hardware, as well as photographs of the fingerprints left on the phone itself to unlock it successfully.
Deepfake technology has also been a cause for concern for companies that rely on biometric security.
Although these digital masks first proved themselves too primitive of severe implications, deepfakes have become increasingly convincing — enough to trick users and biometric authentication systems alike into believing that they’re genuine.
These recent findings beg the question; have there been any improvements in biometric authentication over the past decade?
The Newest in Biometric Technology
One can’t judge the validity of biometric authentication by basing its security off of smartphone applications alone. Today’s top identity authentication services understand the challenges that face biometrics today and are more equipped to tackle them.
The most notable improvements made in the field of biometrics lay in facial recognition software.
The notion may seem ironic, seeing as the X-Lab hacking demonstration only happened less than a year ago. But it is true — manufacturers are now integrating advanced learning algorithms into their facial recognition technology.
These algorithms ensure an authorized user’s presence by using 3D analytics to determine whether the user is actually present at the moment of authentication. These recognition algorithms can even read a user’s facial expressions and detect emotions.
Identity proofing providers now know that biometric identity verification must be multi-factored to be reliable.
In the past, manufacturers focused mainly on identifying users by their physical traits; fingerprints, facial recognition, and the like. With the right algorithm, these biological markers can still provide the security needed to ensure safe transactions. But as with all security systems, contingencies must be placed.
Today, identity proofing services use a combination of physical trait analyses, behavioral measurements (i.e., digital signatures and voice recognition), and issued ID checks to ensure that the user is who they say they are. Other commonly integrated methods include knowledge-based authentication, which may involve giving a password or answering a security question.
What about the sophisticated deepfake algorithms?
Multi-factored biometric authentications are pass or fail. A user must pass every verification factor. One slip will flag the security service of a possible hack attempt. Most advanced facial recognition software is typically able to spot whether a person is using a deepfake or not.
More advanced recognition technologies integrate consent verification, in which a user must show their face on camera and hold up an ID document or handwritten note, as per the system’s instructions. Should a sophisticated deepfake bypass the facial authentication process, the user would then need to provide enough additional information to bypass the other security factors.
If a hacker uses a deepfake to infiltrate their targeted network, blockchain is a significant line of defence. Companies like Eristica use blockchain to record every user transaction made on their mobile phone app. Eristica’s algorithm scans through the data on the chain to find any transactional discrepancies that signal fraudulent behavior.
The Future of Biometrics
Despite its rocky beginnings, biometric technology has become a highly favored security measure among today’s top companies and organizations. Users can now utilize several different biometric measures, including retinal scanning and voice recognition.
In addition to the already popular fingerprint and face recognition technologies. Increased demand for biometric security ensures that it isn’t going anywhere, any time soon. According to a recent forecast report by the Biometric System Market, biometrics is on track to grow into an industry worth $65.3 billion by 2024.
Profit outlook is positive, but the question on most tech professionals’ minds is whether the technology will continue to improve. Surely it will — it has to if biometric security providers keep up with the ever-evolving data-breaching methods companies face. But how?
Experts see endless possibilities for biometric technology. Soon, we could see biometrics replacing government-issued identification. Paper documents and ID cards are easily forgeable, after all. Anyone could gain access to a fake driver’s license, or even a phony passport. On the other hand, biometric technology only seems to become more secure as new developments arise.
One day soon, we might not need ID to apply for a loan, rent a car, access our bank accounts, or even fly a plane.
We’re a long way from biometric authentication for international travel. The world isn’t nearly globalized enough for that just yet. But a thumbprint and a facial scan might be all you need to board a domestic flight in the next few years. It may seem far fetched, but countries around the world are already experimenting with biometric facial recognition to provide their citizens with a more personalized security approach.
For example, Singapore is planning to replace passwords and a government-issued identification with biometrics for several different processes. Singaporeans will be able to use a facial recognition app, complete with anti-spoofing safeguards, to authenticate their identities.
With this technology, Singaporeans will be able to provide identification to rent hotel rooms, enter commercial buildings, and make sizeable monetary transactions, among other things.
Singapore may be among the first countries in the world to embrace biometric technology nationally, but they won’t soon be the last. People around the world have voiced a desire for their governments to implement biometric authentication. According to a 2017 study conducted by the International Air Transport Association (IATA), 82% of surveyed travelers stated that they would prefer to use a digital passport to travel.
The report also shows that travelers want a faster, more automated airport experience and are willing to use biometric identification to speed up their travel. In response to these critiques, over 63% of airlines included in the survey claim they are planning to invest in biometric technology before the end of 2020.
Biometrics have come a long way, and they still have farther to go — but they’ve more than proven their worth as an authentication measure that is as convenient as it is fast.
More popular applications currently lie within the realms of personal device security and online transactions. However, we could soon see our world leaders use biometrics to help us all stay a whole lot safer and lift globalization to new heights.