The 2 Big Problems with Fingerprint Security

Rafe Needleman
·Editorial Director, Yahoo Tech
image

(Thinkstock)

Thanks to the incredibly good fingerprint reader on the iPhone, millions of people have become accustomed to the everyday use of biometric security: the use of a unique biological characteristic as a security pass. Fingerprints are the biometrics we’re getting used to, but there are other forms of biometrics, like iris scans, voiceprints, heartbeats, and even gait detection (how you walk).

Biometrics are incredibly convenient and they can also be very secure. But they also have two really big issues that can bite users if they are not careful. I’ll tell you how to watch out for this in a second.

More:

But first, let me reiterate the benefits of good biometric security. First, there’s nothing to remember. You can’t forget your fingerprint. You don’t have to write it down. You can’t even get drunk and accidentally blurt out your fingerprint. They’re quite safe, as secrets go. And you can’t beat the convenience.

Second, as I said, biometrics can be secure. Well-designed systems that use biometrics don’t store a digital copy of the biometric (like a fingerprint). Rather, they store what’s called a hash of the identifier. Math is used to verify that a scanned biometric is the same one that was registered as authentic, but you can’t go the other way and generate the fingerprint from the hash. So if, for example, your iPhone is stolen, nobody’s going to be able to extract your fingerprint from it and use it elsewhere.

And now, the issues.

1. They will be hacked
Eventually someone will figure out a cheap and easy way for bad guys to steal your fingerprint from a bar glass and make a fake finger (one that appears to be alive) that can be used to unlock your phone. Complicated or expensive methods for this already exist. It’s just a race towards convenience for the bad guys. Or, worse, an entire biometric system, like Apple’s, might be hacked at the source.

Then what? If your password is hacked or stolen, you set up new passwords. But if your fingerprint is hacked, what are you going to do, get a new finger?

image

Apple Pay in an iPhone (Yahoo Tech)

No. And that’s the big problem with biometrics. You cannot really rely on them as at the first line of defense or your only authentication system. “You cannot use a biometric as a primary authenticator, or you’re gonna have a bad time,” says Joseph Lorenzo Hall, chief technologist of the Center for Democracy & Technology. “It’s not secret. You can’t change it. So you always have to have something else.”

Security experts like Hall recommend using passwords as the first line of security, and using biometrics as an additional factor in security — so there are two things need to get into an account. Hall says that sensitive installations are protected by three factors: To get access to their systems, you need a password (something you know), a biometric (something you are), and a special physical device (something you have). All of these factors have to line up before the system will open for you.

So should you forgo using Apple’s fingerprint security and lock your device with a password instead? Hall says not to stress about it. “I would recommend using it and not worrying about it. It’s designed to fail safe.” In other words, if anything goes slightly wrong with your iPhone’s fingerprint security, as it likely would if someone was trying hack in, the phone drops back to asking you for your password.

Alexander Abdo, a staff attorney at the American Civil Liberties Union who studies information security, agrees that Apple’s fingerprint system is good for consumer security. “I’m sure countless users now use biometrics to lock their phones, people who before may not have locked them at all.”

But you have to make sure that first line of defense is strong. Hall uses an 11-digit passcode on his iPhone, not the standard 4-digit pass. “I know there’s law-enforcement equipment to crack a 4-digit phone in two minutes. I want it to take longer.”

2. You can’t keep them to yourself
Passwords have a special standing in American law. They are knowledge, and the U.S. constitutions’s fifth amendment protects you from things you know that can be used against you in any way.

As Hall says, “They can’t force you to give it up if it’s only in your head. But a biometric factor is not in your head. It’s not mediated by knowledge.”

You fingerprint, or other biometric identifier, is not something you know, it’s something you are, and that’s not protected. In other words, you can be legally compelled to place your fingerprint on a scanner (or your eye in an iris scanner).

Both Hall and Abdo agree that this distinction is fuzzy. “The law is a little bit of a mess,” says Hall. “It basically says you have no 5th amendment right to your biometrics.”

Abdo adds the ACLU position: “We think the law should equally protect passwords and biometrics.”

But it doesn’t. And protections outside of courts are even worse. As Abdo points out, governments collect biometric identifiers all the time, without the knowledge of people. “Your physical gait can be captured at a distance,” Abdo says. And then it can be used to identify you later. There are also fingerprint databases. Iris scan databases are growing. DNA databases are next.

At sensitive locations, protections against the collection and use of all digital access keys, including biometrics, are even less. You have no 5th amendment right at a border crossing, for example, and often not in other countries, either. A border agent can simply deny entry to a country (or worse, put you in a jail cell) if you refuse to provide access to the electronic device he wants to get in to.

To get around this, Hall says, the best advice is to not take anything across a border that is sensitive. Depending on what you don’t want discovered, you might want to follow this advice: “Use secure Web storage, so you don’t cross the border with your data. Cross only with a wiped or new machine, and wipe or destroy it before you leave.”

But outside of the border-crossing scenario, to protect devices that use biometric security, make sure that they are primarily locked by a legally-stronger password first, with a biometric used only as a second or convenience factor.

Security is not a luxury
We rely on security to keep our economy running. Without passwords and encryption, we wouldn’t have Internet banking, or online commerce, or private email, or social networking. These basic functions of society depend on citizens being able to trust that their data and devices are secure.

As parts of this system, we all to understand how to work in it safely, just as we understand how to cross a street safely in our physical world. And there are things we can do to stay safe, not the least of which is using strong passwords, and knowing the limits of biometrics.