Wolfgang Schauble, Germany’s interior minister and adamant supporter of biometric authentication, seems to be waiting for the day when biometric technology will be available on a large scale and passwords will be a thing of the past.
The stir brought about the issue – how is reusing my fingerprint everywhere, different or safer from reusing the same password everywhere? Should it really be a diffused authentication method? And most importantly, how safe is it really?
The Register reported Karsten Nohl, who engineered the hack, as saying “It’s basically like leaving the password to your computer everywhere you go without you being able to control it anymore.”
Comparing Passwords & Fingerprints
We all know by now that reusing the same password is practically like handing over your identity to someone and giving them the entry way to sensitive information. And we all know that making strong, unique passwords for every single site you visit – and remembering them – is something of a nightmare. Even formulas and tricks fall short of solving the problem. That’s where password managers come in handy.
|If someone captures your password, they can use it to login everywhere you can.||If someone captures your fingerprint, they can use it everywhere you can.|
|Bots scan the web looking for unprotected passwords to capture.||Scanners can be placed in common objects (public doorways, countertops at the cashier) looking for unprotected fingerprints to capture.|
|If stolen, you must change the password on all sites, hopefully before any damage is done.||If stolen, you can’t change your fingerprints.|
Fingerprints are Everywhere
We know more or less how to protect ourselves when it comes to modern ‘identity scams’ – be careful about giving out personal information, protect your mail, be smart about passwords and PINs and so on. But how exactly would we protect ourselves from biometric identity theft?
Schauble’s fingerprint was said to be captured off a water glass he used last summer while participating in a public discussion at a University in Berlin.
Do future preventative measures include wearing gloves at all times in public to leave no trace of fingerprints? Will we eventually have to avoid looking straight into public mirrors for fear of exposing our irises to a hidden scanner?
It may seem a bit extreme but then again…
History Repeats Itself
According to a Marines memo, on July 21, 2003, the FBI and Federal Trade Commission first reported the existence of a new form of identity theft known as “phishing”. In 2007, just 4 years later, Gartner reported ‘The overall cost to consumers of online fraud [approached] $3 billion, compared with $2 billion in losses reported [in 2006], while more than three million consumers [were] victimized. This upward trend is expected to continue as phishing expeditions get more sophisticated and security upgrades play catch-up.’
Will this upward trend prove true for biometric phishing as well? And do the potential consequences really outweigh the potential benefits? Think about it – every child in the US is finger and footprinted at birth. Every foreign visitor to the US is fingerprinted and photographed. In fact, The Department of Homeland Security ‘plans to replace the current two-fingerprint scanners with new 10‑fingerprint scanners at all U.S. ports of entry over the next year.’
Thanks to Louise for contributing this article.