Few types of data are more sensitive than biometrics. Yet companies collect it with abandon, often without rigorous scrutiny.
When a system scans a fingerprint, retina, or voice, it compares the information with a database to authenticate identity. But hacked databases can expose this sensitive information. And hackers are learning how to spoof biometric identifiers.
1. Don’t share your biometric data with anyone.
While biometric security systems are a powerful tool that can provide greater security than traditional passwords, they are not infallible. Biometric data can be compromised, as demonstrated by recent hacks of fingerprint, face and voice scanners. In the case of fingerprints, hackers can use a simple and inexpensive device called a “fingerprint skimmer” to gain access to a company’s fingerprint database.
The good news is that it’s more difficult to falsify biometric identifiers, which makes them a better choice for authentication than a PIN or password. In addition, biometric data is usually stored locally on the device where it’s collected – such as an iPhone or a computer’s fingerprint sensor – rather than centrally in a database.
However, many people are not comfortable with the idea of their personal information being used by a government agency or private corporation to authenticate them. In fact, some states have passed laws that require companies to obtain written consent from individuals before collecting and using their biometric data. Some states have also imposed statutory damages in the event of a privacy breach of personal information, including biometrics.
2. Keep your biometric data secure.
Biometric authentication systems, such as facial, fingerprint and iris recognition on smartphones, can be an effective security measure when paired with passwords or two-factor authentication. However, hacking and spoofing are common concerns in the field. For example, in 2019, the biometric scanning company Suprema was breached by criminals who stole data and sold it on the Dark Web.
A key concern is that biometric information could be used for fraud, for example through document forgery used to commit crimes such as illegal immigration or property fraud. This could lead to serious personal, financial and professional harm for individuals whose information is stolen or misused.
The good news is that biometrics are more secure than other data such as passwords or credit card details. This is because they’re stored directly on the device, which prevents them from being sent to a central database and makes it difficult for hackers to gain access. Additionally, laws and regulations require that companies clearly communicate the intended purposes of collecting biometric data to individuals, which helps mitigate the risk of function creep.
3. Change your password frequently.
Using biometrics to verify identity is an effective and convenient security measure, but it’s not foolproof. Hackers can still spoof the system and use tools like keystroke loggers to record your password as you enter it. To mitigate this risk, it’s best to pair your biometric scan with other security protocols.
For example, if you have two-factor authentication enabled on your devices or apps, this adds an extra layer of protection. And if you change your password frequently, it’s less likely that any stolen credentials will remain useful for an extended period of time.
It’s also important to change your password frequently if you share a computer or mobile device with other people, such as family members or co-workers. And if you’re no longer in contact with someone, consider changing the password on any accounts that were shared (such as a Netflix or Amazon account). It’s also a good idea to regularly change the password for your email and financial accounts. This will help keep hackers from accessing your information and stealing your money.
4. Use a strong password.
When people use a password to secure something online, they must protect it from hackers, identity thieves, and other malicious actors. It’s essential to use a strong password, and Muhlenberg’s IT recommends that you make it as long as possible.
Biometric security uses unique physical characteristics to verify identities and unlock devices or systems. Examples include fingerprints, facial recognition, and iris scans. These systems have several benefits over traditional forms of authentication, such as keys and passwords. They are convenient, easy to use, and provide a higher level of security.
They also tend to be stable over time and are difficult to alter, unless a person experiences an injury that changes a physical characteristic. But like any technology, biometrics have their drawbacks.
One risk is that biometrics are often collected without the individual’s consent, participation, or knowledge, such as when a company collects facial data from employees without their knowledge. Biometric databases can also be hacked, and the data manipulated for purposes other than those intended. In addition, some biometrics may be repurposed by governments to monitor citizens.
5. Keep your biometric data private.
When using fingerprint, facial, iris or voice recognition, it is important to keep in mind that this information can be hacked and used for identity fraud. These biometric data points are unique and permanent, making them a target for hackers who can use them to steal your identity and money.
Hackers can also easily breach databases that store your biometrics and other personal data. This data can then be sold on the dark web. Hackers can also “spoof” these systems by using fake iris, face or voice prints to bypass authentication.
In-house lawyers should always carefully consider if and how biometrics can be used within their organization. They should ensure that appropriate privacy notices, consent, and security protocols are implemented to avoid costly private rights of action.
They should also ensure that all biometrics are stored locally and not on remote servers or devices where they could be compromised. It is also recommended that multi-factor authentication be implemented, so that if one method of login is compromised, unauthorized access can be blocked by another means.