What Is Biometric Security and How Secure Is It?
Biometric security systems digitally identify people through biological signatures, like fingerprints, facial recognition, and eye scans. These systems are becoming increasingly commonplace. Odds are you already regularly interact with a biometric security system. Just look at your phone—it likely has a fingerprint scanner or facial scanner that unlocks only for your finger or face.
Biometric security features are now often used in access control systems— mainly by the government, but interest is growing in the commercial space.
The question is, how do biometric security systems work, and are they that secure?
Convenience is the biggest selling point for biometric security systems.
Believe it or not, convenience plays a significant factor in security. If a burglar alarm system is hard to use, it can be easy to make a mistake when attempting to arm it. Maybe an alarm is activated on accident or just won’t arm, which can quickly become frustrating.
Some security companies—Bay Alarm included—have worked hard to develop easy-to-use, easy-to-access security systems. You can control many of our systems directly from your phone or computer, and you can do things like view security camera footage from anywhere.
Biometric security systems take convenient security to the next level.
You—your fingerprint, face, eye, voice, etc.—become the key to unlocking your access. For example, a biometric access control system might authorize access via a fingerprint scan. Just walk up to the door, place your finger on the scanner, and you are in! No key, keycard, or PIN is needed.
Biometric security systems work well because the key is always with you. And biometric systems are not just convenient—they are also secure. That’s because when using a high-quality security system, biometrics are hard to steal or fake.
You might write down a PIN code on a notepad and set it on your desk for any passerby to see. Metal keys can be lost or stolen, requiring the installation of new locks. But mimicking your biometrics is more complex than you might think.
In terms of security, biometric systems are hard to crack.
In general, it takes considerable planning and effort to break into a properly functioning biometric security system.
Let’s look at fingerprint scanners, which are one of the most common biometric security systems. Fingerprint scanners went mainstream with fingerprint-scanning smartphones, but businesses also use fingerprint scanners for building security. There are three types of fingerprint scanners:
Capacitive scanners: Capacitive scanners emit an electrical charge. The charge “bounces” off the minuscule ridges and valleys of the finger back to the sensor, which registers how , the finger’s topography alters the charge, and then compares the data against saved profiles, determining if the fingerprint is authorized or not. These are the most common scanners.
Optical scanners: Optical scanners take a picture of the finger. Just as you might compare someone’s face to their photo on an ID, optical scanners compare saved images of a known user’s fingerprints to an optical scan to verify their identity.
Ultrasound scanners: Ultrasound scanners emit an ultrasound wave. The wave measures the ridges and valleys of the finger.
Researchers found just three methods for someone to trick a fingerprint scanner, and each required some effort. The first was to create a mold from clay, but this requires having access to an authorized user’s hand. The other two hacks require the use of a 3D printer. Researchers either stole a scanned fingerprint image or they took a picture of a fingerprint left behind on a glass surface. The images were then used to print a 3D model of the fingerprints.
Ultimately, as the researchers point out, “making a fake finger is a rather expensive process, at least timewise, which means that the ordinary user has nothing to fear.” Although this is just one of many types of biometric security systems, hacking into such systems requires a certain level of creativity—unless the captured data is not secured, which is a real possibility.
Biometric systems are far from perfect, as many people have expressed concerns about the lack of privacy inherent in using such a system.
Biometrics security systems collect personal, identifying data. That is also why they are controversial.
There are genuine privacy risks. Failing to properly secure your access control system’s database could result in the leaking of employees’ identifying information. These privacy concerns are even more significant when biometric databases are “multimodal,” capable of collecting and storing more than one biometric signature andmatching them up with names, addresses, phone numbers, and dates of birth.
As the owner or manager of a business with a biometric access control system, you also must consider how your employees may feel about it. They may have reservations due to the privacy concerns discussed above. Ask your staff about your plans for implementing a biometric security system. Being transparent and keeping their trust is critical.
You should also research the types of safeguards that you should have in place, as how you collect and save personal data may be of particular concern for your employees. You have to think about what type of personal data you want to collect at a very basic level—a fingerprint? A face scan? It’s what you do with that personal data that is of significant importance, as you must comply with local, state, and federal law regarding biometric data collection.
Every security option has its strengths and weaknesses, and that is no different with biometric security solutions. Biometrics are excellent option in some applications, while more traditional keycard and fob systems may be preferable in other contexts. Consult with your security provider to determine if a biometric security system is right for you.