Biometrics vs passwords topic is always relevant and there are a lot of discussions, opinions and different views to it. Of course there is no perfect tool for security yet, that is why this topic is still hot. Let’s try to compare biometrics and passwords types of identification and make reasonable findings.
Strengths of passwords
- It is really simple to use passwords.
- Difficult and long passwords with capital letters and numbers can be reasonably strong.
- If your password is not strong enough or you think that there is a possibility that someone else knows it, you can always change it in a short time.
Weaknesses of passwords
- It becomes quite problematic to manage a big number of different accounts. If you use the same password for all accounts – it is unsafe and if you use unique password for each account – it is difficult to remember them all.
- If person needs to choose the password by himself, quite often it is something easy to guess – date of birth of the children, wife or husband, pet name, telephone number, number of house, etc. Such a passwords are very poor and person who knows enough information about you, can use it for breaking in your account.
- Often people forget their passwords, what can cause unpleasant situations. For example, if you need to make a very important money transfer immediately and forgot your internet bank connections, you can get to a really big trouble – lost your very important customer or even worse, your job.
- A password can appear in wrong people hands because of several reasons. It just can be stolen by a person who observes the moment when you entering your password. Also, people often lent their passwords to friends or relatives and send it by mail or phone message, what raises possibility that password can be seen by other people. What is more, when a password is really difficult or generated by computer, people often write it down, so another person inadvertently can see it or just steal the password. Some people write down their passwords in encrypted form, but what is ironic – often after some time they forget decryption rule.
- Computing power constantly grows, what means that password security becomes weaker – what is good news for dictionary and brute force attackers.
Strengths of biometrics
- Face, fingerprint, iris or voice is a unique biometric feature which can not be stolen. Biometric devices are widely available for the majority of these modalities through various suppliers like Biometric Supply.
- It is guaranteed that the owner of account is at the place where a connection is made.
- Biometric characteristics are very difficult to counterfeit.
- Person can not lose, lent or forget his biometric characteristics.
- Nobody else can connect to your account or system except of you.
- It is safe, because at the moment of authentication on the server side, biometric data never leaves the device.
Weaknesses of biometrics
- Biometrics is more complex and more expensive technology.
- If biometric information is ever compromised, occurs much bigger problem than with passwords, because you can not change your biometrics information. Of course you can always do plastic surgery, but would you like to do it just to secure your account?
- If passwords have to be exact, facial recognition and all other forms of biometrics operate on the “close enough” principle. Depending on technology and algorithm there is always higher or lower possibility of authentication errors. There are two different types of mistakes – false acceptance and false rejection. False acceptance means that another person connects to your account – possibility of this mistake is very low. False rejection means that algorithm does not recognize the true person who owns the account. But sometimes we enter false password or PIN too and this happens more often than biometrical false rejection. To avoid false acceptance mistake, biometrics security level can always be increased, but as a consequence recognition time, computing power and rejection possibility increases too. Biometrics security level can be reduced as well and possibility of false rejection would become lower, but then it is much bigger chance of false acceptance error.
Let’s take a look at a weaknesses of a different types of biometrics separately:
- Fingerprints. Problems with this biometric feature can cause different fingers injuries as burns or cuts, some fingers can not be scanned easily because of the reason that there may be stains, dirt, ink, oils, sun cream on your hands or because it can be a little bit wet. Fingerprints can be changed even because of your profession, for example musicians or people who work very hard with their hands.
- Voice. Sometimes such a circumstances can be challengeable for voice recognition: background noises and environmental factors, differences in temperature and air pressure, illnesses as cough and cold, speech variations, cheating with voice recordings. In some situations usage of voice recognition is difficult to imagine at all. For example on a football match, where is very noisy, or in a library, where everybody supposed to be quiet.
- Face. Accuracy of face detection and face recognition strongly depends on quality and resolution of camera, lighting, facial expression, posture of the face, glasses, hats, haircut, makeup, beard and moustache. What is more, faces can have a huge changes because of injury, weight, age and a lot of other reasons.
- Iris. Despite the fact that iris scanners improve and become more accurate, they still can be fooled by high quality photos and fake irises printed on contact lenses. Also, some drugs and medications can affect the pattern of the iris what can cause a recognition mistakes.
As we observed passwords are quite a poor security tool, while facial recognition technology and other biometrics can improve the situation because it includes information not about something we know, but something we are. It is obvious that none of these technologies can perfectly solve security problem, both alternatives have positive and negative features. What would be really smart, is to combine strengths to offset weaknesses. The best way to do it, is to use combination of these security methods. In this case, it would give much more benefit that the sum of its parts.
You can incorporate the SkyBiometry API into your own custom project. Do not hesitate to contact us if you have any questions about how this can be brought to fruition.
Share your opinion in the comments. We are really interested in our customers and visitors position. Let’s discuss on this topic!
Another huge negative for biometrics security is in emergency scenarios. What if your wife has the phone, you need something on it and aren’t physically there. With passwords you could send to her tell her. I’m sure there are tons of scenarios when you need to have someone else access a device FOR you. This is even worse with 2FA – say you travel abroad… you need to bring along the original sim card used in setting up (many of these systems roll it out automatically). Then you need to put that sim card in (and get retarded fees) just to receive a pin via sms. Finally, what if you drop your phone and the camera breaks, when you’re in an emergency? This is a flawed concept!