Pros and cons of biometric authentication

In theory, biometrics are a great way to authenticate a user: it’s impossible to lose your fingerprint (barring the most gruesome of developments), you can’t forget it like you could a password, and it’s unique to you.

In practice, though, many things still limit more widespread use of this technology.

One of the problems has been pointed out by Guy Churchward, CEO of LogLogic. He says that uniqueness is the very thing that makes biometric data an inherently flawed choice for a primary method of authentication.

“Once you have your fingerprint scanned it will give a unique data sequence which if compromised is not exactly something you can change,” he says. “Imagine having an option of only one password ‘ever’. One loss and you are screwed.”

Another problem is that current scanners still can’t tell whether the fingerprint is on a real finger or an artificial one. Andrew Clarke, of e-DMZ Security, says that in theory, one could get hold of the user’s fingerprint using techniques used in crime detection and transfer it onto an artificial finger. This will likely change as the technology evolves, but for now the system is still fallible, and not suitable as a primary solution to the authentication problem.

“As with all authentication, multiple factors increase the effectiveness of the solution. Something you have (fingerprint) combined with something you know (passcode) provides a stronger solution,” he says.

According to SC Magazine, David Ting, CTO of Imprivata, sees the good side of this kind of authentication, saying that the contents of any computer should be encrypted, and access to them secured by a password AND by biometrics. According to him, a biometric password is infinitely more difficult to recover using a brute force attack than a “normal” password.

He is in favor of using complex passwords initially to thwart cracking. As for secure access to the Windows logon, he says biometrics, one-time password tokens or smartcards should be used, for the aforementioned reason.