
Can biometric authentication be trusted?

  • July 1, 2022

In recent years, biometric authentication has become very popular, especially on mobile devices. Companies generally market it as an advanced feature that improves security; however, many dispute this claim and continue to defend traditional passwords even as they acknowledge their drawbacks.

Biometric authentication sounds like something cool and modern, an advanced technology that improves security while making life easier, but the reality is that, at least in the consumer sector, it comes with huge drawbacks that end up leaving users even more exposed than if they had used a password.

The main disadvantage is that the “password” for access is the user themselves, be it their iris, their face or their fingerprint. This means that biometric authentication is based on data that is exposed to the public and that, to top it off, cannot be changed unless a person undergoes plastic surgery or suffers some misfortune that significantly changes their physical appearance. The only alternative is to wear gloves, a hood and sunglasses at all times, except when going through the biometric authentication method, which sounds pretty absurd.

The problem of the user being their own password gets even worse when we consider the huge popularity of social networks and platforms like YouTube and Twitch. Currently, tens of millions of people are revealing parts of their lives online by showing their faces. Add to that the improvement in photo quality on both devices and social media platforms, and the result is a huge data farm that is sure to be exploited by malicious actors.

In short, biometric authentication is far from the panacea it seems, so here are two of its drawbacks and two tips to really tighten up your online account security.

You leave the password printed on the mobile device

We’ll start with the most obvious, which is using a fingerprint as a means of biometric authentication. This method has been quite popular for years, but using it is a very bad idea in terms of security, so much so that it’s on par with using the password “12345”.

Fingerprints are a widely used means of unambiguously identifying a person because, at least initially, only twins should have two identical ones (and maybe not even that if they lived through very different circumstances). Leaving fingerprints is the easiest thing in the world because of how our body works, so they are present on the very mobile device the user is using.

A consequence of using a fingerprint as a means of authentication is that stealing the mobile device is all it takes to access it, whereas a traditional password would require the use of at least a brute-force tool (trying passwords one by one until the correct one is found), unless the malicious actors already know it.

If it wasn’t enough to have a fingerprint printed on the device, we can add high quality photos that one can find on the internet. A photo that reveals details of the palm could leave the door open for malicious actors to replicate the fingerprint.

As we can see, using a fingerprint as a means of security may sound very modern, but it is a terrible idea that makes things far too easy for malicious actors and for organizations engaged in cyber espionage and cyber surveillance.

Since the fingerprint is data that is excessively exposed, some companies have chosen to use blood vessels instead of the outside of the hand. This method offers greater security by relying on data that, at least initially, is not easily exposed to the billions of cameras and surfaces in the world. However, it is important to note that the use of blood vessels is not perfect, although they are significantly more difficult to replicate.

Your face is everywhere

Facial recognition is another biometric authentication method that has become very popular recently, but its use could be even more inappropriate than that of fingerprints from certain points of view.

We live in an age in which the obsession with security has ended up raising issues around anonymity and data collection. In addition to the above-mentioned social networks and video platforms, there are the large numbers of cameras placed in shops and many public places for the easy identification of thieves and other criminals, but ultimately they are a means of identifying everyone who passes in front of them.

Although companies try to make it difficult to fool the authentication system, the reality is that it is not impossible. On the other hand, if one really wants to be protected from malicious actors, it is reasonable to assume that they are always two steps ahead, especially considering that these malicious actors do not have to fit the profile of the typical Hollywood film villain, but are probably a company with many resources.

Unless you live in a place that is completely remote from cities and towns and you never visit them, your face is most likely registered or at least recorded somewhere, so if you use it as a means of authentication, it’s highly likely that someone else has that “password”.

It is better to use multi-factor authentication

Besides avoiding current biometric authentication methods because they rely on public data, the user should use an authentication method based on several factors.

As we said at the beginning, passwords are not an infallible or particularly secure method, but for many they are more secure than biometric authentication methods. Since there is no such thing as perfect security, the user should stack layers of security and protection to minimize the chances of a malicious actor or third party gaining access to their credentials and data.

Multi-factor authentication makes it possible to strengthen the security of online accounts, but it is important not to base it on SMS and phone calls, since these are insecure channels. Instead, it is recommended to use an app and/or security keys like Yubikey.

Use disk or file encryption and keep the kill button handy

Laptops, tablets and mobile phones are devices with a high probability of being lost or stolen. Biometric authentication methods make it tempting to steal a device and see whether the device itself holds data that helps unlock it, whether by looking for fingerprints or for photos with which to impersonate a face.

In the face of theft, it would be appropriate to use disk encryption or at least data encryption. On Android, full-disk encryption is only fully supported in versions 9 and earlier of the operating system, while versions 10 and later use file-based encryption, which allows different files to be encrypted with different keys that can be unlocked independently.

iOS, for its part, uses a file encryption methodology called Data Protection, while Intel-powered Macs can be protected with a volume encryption technology called FileVault, and Apple Silicon-equipped computers use a hybrid model.

Windows users use BitLocker as their data encryption technology, while Linux users often rely on LUKS, which requires a boot password to access encrypted partitions.

In addition to using disk encryption, it would be advisable to enable, if the system supports it, the kill button, which allows you to “destroy” the device and at least neutralize the data in case of theft or loss of the device.

Conclusion

As we can see, it is important to be very careful when using biometric authentication methods. It may even be preferable to avoid them, given the data they are based on and how easy that data is to obtain.

Of course, the fact that biometric authentication methods are not trustworthy does not make passwords a panacea for the security and privacy problems a user faces when protecting their credentials, so the best, or rather the least bad, option is to rely on a multi-factor authentication mechanism.

Source: Muy Computer
