Pros and cons of biometric authentication
Posted on 26 February 2010.
In theory, biometrics are a great way to authenticate a user: it's impossible to lose your fingerprint (barring the most gruesome of developments), you can't forget it like you could a password, and it's unique to you.

In practice, though, there are many things that, for now, limit more widespread use of this technology.

One of the problems has been pointed out by Guy Churchward, CEO of LogLogic. He says that its very uniqueness is what makes biometric data an inherently flawed choice for a primary method of authentication.

"Once you have your fingerprint scanned it will give a unique data sequence which if compromised is not exactly something you can change," he says. "Imagine having an option of only one password 'ever'. One loss and you are screwed."

Another problem is that current scanners still can't recognize whether the fingerprint is on a real finger or an artificial one. Andrew Clarke, of e-DMZ Security, says that in theory, one could get hold of the user's fingerprint using techniques used in crime detection and transfer it onto an artificial finger. This will likely change as the technology evolves, but for now the system is still fallible, and not suitable to be a primary solution to the authentication problem.

“As with all authentication, multiple factors increase the effectiveness of the solution. Something you have (fingerprint) combined with something you know (passcode) provides a stronger solution,” he says.

According to SC Magazine, David Ting, CTO of Imprivata, sees the good side of this kind of authentication, saying that the contents of any computer should be encrypted, and access to them secured by a password AND by biometrics. According to him, a biometric password is infinitely more difficult to recover using a brute force attack than a "normal" password.

He is in favor of using complex passwords initially to thwart cracking, and, as regards secure access to the Windows logon, biometrics, one-time password tokens or smartcards should be used for the aforementioned reason.

