Secuzine

spot_img

Father of Molly Russell honoured with MBE for contributions to online child safety

Ian Russell acknowledged his contribution to online child safety through the establishment of the Molly Rose Foundation, reflecting on Molly's legacy. He emphasises the...

Risks of Using Smartphone Biometric Authentication

The prevalence of smartphones in our daily lives is undeniable, with over 85% of the world’s population owning one in 2023. Major smartphone manufacturers like Samsung and Apple have added biometric authentication features like fingerprint scanning, facial recognition, and voice authentication to improve user experience and security. With the growing demand for safe and convenient authentication, the global mobile biometrics industry is projected to reach a staggering valuation of around US$208 billion by 2032.

With biometric authentication, you may prove your identity through actions like fingerprint scans and avoid having to memorize passwords. It can also act as a strong barrier against hackers. In fact, the security of e-commerce transactions has been greatly improved by the combination of biometric authentication with technologies like 3D Secure 2.0.

Nonetheless, despite all of its benefits, biometric authentication is not without risk. The usage of biometric tools, in particular facial recognition systems, can lead to privacy and monitoring issues for users. Moreover, machine learning and algorithms need to be constantly improved to reduce any potential demographic bias in biometric authentication.

Biometric authentication errors can result in false positives and false negatives, denying access to certain individuals or erroneously authenticating imposters. The crossover error rate (CER) gauges a biometric system’s overall accuracy, although it can be difficult to strike the correct balance between inaccurate acceptance and false rejection rates.

Biometric spoofing, though time-consuming, has proven successful on various occasions, with hackers tricking smartphone biometric systems using 3D-printed masks and artificial eyes.

Dealing with biometric data poses legal difficulties as it’s considered individually identifying information and is governed by laws like BIPA and GDPR. Failure to comply may result in penalties and legal action.

To address these risks, organizations are looking to move towards a server-centric architecture with Identity-Bound Biometrics (IBB). Unlike device-centric biometric authentication, IBB verifies the user’s identity rather than relying solely on credentials or devices. It mitigates risks associated with fallback mechanisms, presentation attacks, and device hacking. Additionally, IBB allows control and oversight of the enrollment process, preventing unauthorized delegations.

Our lives continue to be dominated by smartphones, making biometric authentication a balance between security and convenience becomes increasingly important.