Biometrics - the basics

12 September 2018

Today biometric logins, such as using our thumbprints on our mobile phones, are common. But what are biometrics and how secure are they?

What is it?

Fingerprints, scans of the iris in the centre of your eye, images of the hand or face, or voice recordings are all unique characteristics that can be used to identify you and authenticate you – that is, confirm you are who you say you are.

For many years, we have been using biometrics, such as our thumbprints, to access our smartphones. We are now seeing more and more services using biometrics. The Australian Taxation Office (ATO), for example, provides taxpayers the option of recording and using their saved voiceprint when they ring the ATO. The banking sector has also embraced biometrics, with ANZ the first Australian bank to offer its customers voice recognition as added security on mobile devices, to allow higher value transactions. Meanwhile, Australia Post has released Digital iD™, an app which provides facial and other biometric verification services for a range of government and private sector organisations.

How secure is it?

Using biometric authentication can help keep your devices or information highly secure, especially if used in combination with a strong password. We’ve all seen spy movies where people fool biometric readers with contact lenses, photographs and plastic fingerprints, but in reality this is less likely. The advanced technology now in use, with increased capabilities of equipment such as 3D scanning, is hard to fool.

However, your biometric information is valuable – if it gets into the wrong hands it could be used to impersonate you and access your device or accounts.

So, before giving your biometric data to anyone, make sure you ask a few questions about how your data will be managed:

  • Why is my biometric information needed?
  • What does the requesting organisation’s privacy policy say?
  • How will the information be stored and protected?
  • How long will my data be kept?
  • Who will have access to it?
  • Will they share my information with anyone for any reason?

If an organisation can demonstrate they will effectively protect your information, then using biometrics can be a secure option for you. However, the best choice is to combine it with another factor, such as a password or PIN.

Can my biometric data be stolen?

Yes, like any type of data, your biometric data can be stolen. If your biometric data is stolen, dealing with it is much more complicated than resetting your password. If the organisation managing your biometric data has appropriate security controls and protections in place, then stealing your information is going to be significantly harder. Many Australian organisations will store encrypted versions of biometric data, and keep this data in Australia only, as further layers of protection.

Staying safe

Biometrics can be a secure option to protect your accounts and privacy. Just remember to:

  • always ask the questions listed above before handing over any biometric details
  • always read privacy policies and understand how your data will be stored and managed
  • always use a second factor of authentication and ensure your passwords are unique and hard to crack.

More information

Read more about strong passwords and a second factor of authentication.