passwords

By Darren Guccione

Biometrics (fingerprint ID or face recognition) are a convenience that people love. A device that uses fingerprint or facial recognition software provides fast access and the pleasure of skipping the hassle of typing and remembering a password. But can biometrics eliminate passwords? Well, not if you have concerns about keeping your own or your customers’ data secure.

Apps that use biometrics typically function by accessing a personal identifying password as the trigger allowing access to a device. The strength of the original password continues to be the critical security point. Biometrics are a convenience because they automate the typing and remembering of your existing password. However, biometrics can easily be bypassed by hackers who have your login credentials. The hacker can bypass the biometric feature and log in with just the password, and from there update the biometric feature to reflect their own fingerprint or facial scan.

If you use a password manager, your password data is automatically encrypted by your Master Password, but your fingerprint or face is not used for decryption: it’s simply a “yes” or “no” within some tolerance. A biometric cannot be used to directly decrypt data. A successful biometric bypass or false positive could therefore put your data at risk. Overall, biometrics are not as safe as they appear, and should be used with that in mind. Any service that allows user access strictly through biometrics without an underlying strong password should be reassessed.
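The distinction in the paragraph above, as an added Python example that is not from the original article or from any password manager's code: a key can be derived from a Master Password, while a biometric reading only yields a match/no-match answer that releases a key already stored on the device. PBKDF2, the salt, the 64-bit templates, the 6-bit tolerance and the `Vault` class are assumptions constructed for illustration.

```python
import hashlib
import hmac

SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample salt
ITERATIONS = 200_000                                      # assumed work factor
# Constructed 64-bit feature templates, not real biometric data.
ENROLLED = bytes.fromhex("a5c3f00f3c5a9966")
SECOND_READ = bytes.fromhex("a4c3f20f3c5a9967")   # same finger, 3 bits of sensor noise
OTHER_FINGER = bytes.fromhex("5a3c0ff0c3a56699")  # a different person


def derive_key(master_password: str, salt: bytes = SALT) -> bytes:
    """Password path: the key is computed from the secret itself."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS, dklen=32)


def template_as_key(template: bytes) -> bytes:
    """Naive attempt to use a biometric reading as key material."""
    return hashlib.sha256(template).digest()


def hamming(a: bytes, b: bytes) -> int:
    """Count the bits that differ between two equal-length templates."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def biometric_match(enrolled: bytes, sample: bytes, max_bits: int = 6) -> bool:
    """Biometric path: a yes/no answer within a tolerance, never a key."""
    return len(enrolled) == len(sample) and hamming(enrolled, sample) <= max_bits


class Vault:
    """Hypothetical vault: a biometric match only releases a key stored on the device."""

    def __init__(self, master_password: str, enrolled: bytes):
        self._key = derive_key(master_password)  # stands in for hardware-protected storage
        self._enrolled = enrolled

    def unlock_with_password(self, attempt: str):
        key = derive_key(attempt)
        return key if hmac.compare_digest(key, self._key) else None

    def unlock_with_biometric(self, sample: bytes):
        return self._key if biometric_match(self._enrolled, sample) else None


if __name__ == "__main__":
    vault = Vault("correct horse battery staple", ENROLLED)
    print("same finger matches:", biometric_match(ENROLLED, SECOND_READ))
    print("but hashes to the same key:", template_as_key(ENROLLED) == template_as_key(SECOND_READ))
    print("stranger unlocks:", vault.unlock_with_biometric(OTHER_FINGER) is not None)
```

Two reads of the same finger pass the tolerance check yet hash to different values, which is why the reading cannot serve as the decryption key and the stored secret's protection still rests on the Master Password.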

When choosing a password manager, several things should be kept in mind. Most will provide some form of encryption, but if given the option, always choose one where the stored passwords are decrypted at the device level. This ensures that only you, on your specific device, have the decryption key to unlock that password. Additionally, it’s important to be hyper-aware of the places you input your passwords. If a website, app, or platform allows you access without inputting a password, this means they have full access to your stored personal data on their servers. Anytime you store a password on a browser, app or website, you open yourself up to risk. A password functions as the lock on the door of stored personal data, so the more people who have copies of the keys to your lock, the greater the risk that one can be stolen or lost. Online security is more important than ever. Even some of the world’s largest banks have fallen victim to successful cyber incursions. As hackers continue to get more sophisticated in their methods, it is important for users to do their part in choosing strong passwords.

All businesses and corporations that have fallen victim to cyber-attacks need to work on better educating their employees about the dangers of sharing and reusing passwords. Having good password hygiene is the first step in preventing hackers from getting ahold of your personal information.

While biometric authentication is becoming more and more common, you still have a responsibility to protect your data. A secure password is a good start. Don’t be fooled into a false sense of security, thinking that your fingerprint or face alone is enough to keep your personal data safe.

Whether you have security concerns as an individual or as a business owner, it is imperative that you recognize that biometrics are most effective as a second-tier authentication system. They serve as a convenience that allows for immediate access, but passwords are still in use underneath the biometric features.

In our fast-moving culture, it may seem like too much trouble to worry about your passwords, but in reality it’s more important than ever to safeguard them. If you don’t, you are leaving yourself open to hackers who will be happy to sell your data to the highest bidder.

Darren Guccione is the CEO and co-founder of Keeper Security, Inc., the creator of Keeper, the world’s most popular password manager and secure digital vault and KeeperChat, the world’s most secure messaging app for all your devices. Prior to Keeper, Darren served as an advisor to NinthDecimal (f/k/a JiWire), the leading media and technology service provider for the Wi-Fi industry. And prior to that, Darren was the CFO and Co-founder of Apollo Solutions, Inc., which was acquired by CNET Networks (now CBS Interactive).
