On the one hand, fingerprint authentication is really cool, right? No more remembering passwords and for those of us old enough to remember them, it’s kinda like the Jetsons really knew what was up after all. And since cars can now drive themselves, it only makes sense that we would progress past passcodes. But on the other hand, there was that September 2015 announcement by the Office of Personnel Management that 5.6 million U.S. federal employees had their fingerprint scans stolen, which makes us wonder whether using fingerprint authentication (or letting our cars drive us around, but that’s for another blog post!) is really such a good idea. Having your PIN stolen is painful, but at least you can take action to remedy the situation by changing it to something new. Having your fingerprint stolen is something that can’t be taken back or resolved. It’s pretty clear at this point that the technology is here to stay – more and more devices are adopting fingerprint authentication, including smartphones, tablets and notebooks. So it really comes down to whether or not using fingerprint authentication is a good idea for you personally. Ultimately you will be the one to make that decision, so we thought it would be helpful to understand how fingerprint scanners work, along with their general advantages and disadvantages.
How Fingerprint Scanners Work
The “how” of it from the user perspective is pretty simple really. With fingerprint authentication, you don’t need to remember and enter a password to access a device like your smartphone or tablet. Instead you place your finger on a fingerprint scanner. If your fingerprint matches the scanned image on file, you gain access. How great is that? It works because no two people have the same fingerprint. Even identical twins have different fingerprints. This is what makes fingerprints perfect for identification purposes…something we all learned from watching basically any police drama on TV.
Types of Fingerprint Scanners
There are two main types of fingerprint scanners: optical and capacitance. Optical scanners use charge-coupled devices (CCDs) to get a fingerprint image. They work a lot like traditional scanners. Capacitance scanners on the other hand use electrical current to obtain fingerprint images. Their images have a higher degree of fidelity than the images made with an optical scanner. Plus, capacitance scanners require an actual fingerprint shape to work, making it harder to fake fingerprints. Most optical and capacitance fingerprint scanning systems do not compare the entire fingerprint when checking a fingerprint against the scanned image on file. They compare specific features of the fingerprint, which are known as minutiae. They use complex algorithms to recognize and analyze minutiae patterns. All the minutiae patterns in the fingerprint and in the scanned image on file do not have to match for fingerprint scanning systems to allow access to devices. They simply have to find a sufficient number of minutiae patterns in common. The exact number depends on the programming in the fingerprint scanning system.
The Advantages of Fingerprint Authentication
Fingerprint authentication has several advantages over authentication systems that use passwords, personal identification numbers, or access cards. Here are some of the most noteworthy advantages:
- Users cannot create weak fingerprints or forget them.
- Users cannot misplace their fingerprints (and if you lose your fingerprints, you likely have bigger issues than starting up Netflix on your tablet. Just sayin’).
- Criminals cannot guess a fingerprint pattern.
- If a mobile device using fingerprint authentication is lost or stolen, its contents cannot be easily accessed.
Because fingerprint authentication is convenient for users but not criminals, many device manufacturers are beginning to use this type of authentication. For example, the iPhone 5S and newer models use capacitance scanning to provide fingerprint authentication, and Windows 10 offers this as an option through the Windows Hello! feature.
The Disadvantages of Fingerprint Authentication
Fingerprint scanning systems are not perfect. Optical scanners cannot always distinguish between a high-resolution picture of a finger and the finger itself. Even capacitive scanners can sometimes be fooled by an artificial fingerprint. There are documented cases where fingerprint scanners have been duped with fingerprints lifted from glasses, CDs, and other items. The process is time-consuming and requires a lot of expertise, but it is entirely possible if someone is committed to accessing your device. You first need to enhance the fingerprint and get a high-quality digital image of it. You then need to turn the image into a mold in which you can pour gelatin or silicon to make the fake fingerprint. Already having a digital scan of a fingerprint would make the process easier and less time-consuming, potentially making it more lucrative to criminals. In September 2015, over 5 million federal employees learned that their fingerprint scans were stolen during the U.S. Office of Personnel Management (OPM) data breach that occurred earlier in the year. The OPM data breach was massive. Federal experts believe that the ability to misuse fingerprint data is currently limited, but this could change over time as technology evolves, according OPM Press Secretary Sam Schumach. After all, any new technology provides opportunity for cybercriminals to profit off of a new way to steal data. A group with expertise in this area will be reviewing the potential ways adversaries could misuse fingerprint data now and in the future. This group’s activities will likely give little comfort to the 5.6 million federal employees who already had their fingerprint scans stolen. Because while passwords, personal identification numbers, and access cards can be changed, fingerprints cannot be. As a result, they will likely have to worry about becoming victims for the rest of their lives. “While cybercriminals may not be positioned to leverage stolen biometrics now, that will change as these types of authentication are more widespread,” said Tim Erlin in an eSecurity Planet interview. Erlin is the director of IT security and risk strategy at Tripwire. “Most iPhones can use a fingerprint for authentication these days, and criminals always look for the most profitable targets.” One way you and the 5.6 million federal employees can protect yourselves at home is to use more than one type of authentication to access all devices. This is referred to as multifactor authentication.
Using Multifactor Authentication Is Best
With multifactor authentication, you use two or more types of credentials to access a device. The main types of credentials are often described as:
- Something you know. Examples include passwords and personal identification numbers.
- Something you have. Examples include access cards and fobs.
- Something you are. Examples include fingerprint and retinal scans.
Using fingerprint authentication with another type of authentication can provide a high degree of security. For more information about using multifactor authentication, talk to your Account Manager or contact us at 877-367-9348 or firstname.lastname@example.org.