Submitted by Micah Smith on Wed, 01/17/2018 - 10:58
Biometrics and Identity theft

The most popular and heavily used system for primary factor authentication worldwide is the traditional password, which, of course, hackers love.

Numeric-text passwords can be cracked in a variety of ways, and most data breaches start with a simple phishing campaign. Even the most novice of hackers will have some idea of how to break single-factor password authentication, which, according to Verizon, accounted for over 80% of cyber security hacks in 2016. We are sure the 2017 statistics are similar.

This has propelled companies, local and global, whether out of concern or simply because of legal requirements, towards both two-factor and biometric authentication. Weighing up the pros and cons of biometric authentication is time well spent, especially in light of the most recent cyber security incident in India, where over 1 billion people are potentially affected by the large leak in the country's biometric database.

Details are slowly being released in the investigation of the security leak at the Unique Identification Authority of India, the company which issues these identity cards. These cards, used in social security offices, life insurance offices, national health centers and a multitude of other social welfare departments, are immensely important on a national scale, and if their security has been compromised, it's a big biometric problem.


Rather than merely slowing down even the simplest of hackers, biometric identification uses a more sophisticated technology to identify individuals by their intrinsic physical or behavioral traits. This stops the less proficient hacker through lack of ability rather than by adding a number of seconds, dramatically reducing the percentage of security incidents.

One of the more prevalent biometric methods is facial recognition and it is becoming increasingly popular because of its growing availability.

How facial recognition actually works

Facial recognition systems work with numeric sequences called faceprints, which describe 80 different nodal points on a human face. Nodal points measure different descriptors of a person's face, such as the length of the nose or the depth of the eye sockets. Facial recognition works by capturing the data for nodal points from a photo or video frame of an individual's face and storing the data as a 'faceprint'. This print then gets compared to another digital image, or to several images.

The most active area for facial recognition development is smartphone apps. This is mostly through standard image tagging, such as on Facebook or other social networks, and through personalized marketing.

On Facebook, each time an individual is tagged in a photograph, the software stores information about that person’s facial identifiers. As more details are stored, the 'faceprint' emerges and Facebook will suggest tagging those pictures with the name of the person it has identified.  

Apple claims that facial recognition, along with its fingerprint scanner, is a huge improvement in phone security. It even estimates that the error frequency is one in a million.

Facial recognition software has also upscaled the ability to provide tailor-made marketing to individuals. Imagine walking past a billboard and being scanned for your gender, ethnicity and age so that the advertising targeted to you will suit your profile. No need to imagine, it's already happening.

Steve Talley

But back to that Apple error frequency claim of 'one in a million'. Although Apple can definitely see the benefits of matching up facial nodal points to secure your phone, Steve Talley is that one in a million who isn’t jumping for joy over Biometrics.

Steve Talley, a Denver man wrongly accused of multiple bank robberies because of his biometric similarities, has spent years fighting in court against wrongful and harmful charges. After looking at the images, one could suggest that the two men do in fact have several facial similarities, although Steve Talley was a clear three inches taller than the bank robber. This, along with the potential threat of database hacks, such as in the India example, throws a curveball at the effectiveness of biometrics.

In light of so much biometric data being given away freely every day on Facebook, concerns are also growing about our privacy and about face recognition abilities. According to the National Institute of Standards and Technology, the rate of false positives in facial recognition is halved every two years. A research team at Carnegie Mellon recently created an iPhone app that snaps a person's photo and within moments returns the individual's name, date of birth and social security number. That's how big the database is: think of every image in which you and your family may have been tagged on Facebook.

According to CBS News, almost 50% of United States citizens are embedded somewhere in a facial recognition database.

These systems are pretty good at pinpointing individuals if the images are clear, but when there are problems, such as bad lighting, the software can be temperamental, and mistakes with quite horrifying consequences have been made, as in the Steve Talley case.
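The faceprint comparison described under 'How facial recognition actually works', and the way a 'one in a million' error rate plays out once a face is searched against a large database, as an added example (not code from the original article or from any vendor). It assumes a faceprint is a list of 80 numbers compared by Euclidean distance, that the one-in-a-million figure can be treated as an independent per-comparison false match rate, and that the thresholds, sample data and all function names are constructed for illustration.

```python
import math
import random

NODAL_POINTS = 80  # measurements per faceprint, the figure the article gives

def distance(a, b):
    """Euclidean distance between two faceprints (lists of measurements)."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def identify(probe, gallery, threshold):
    """1:N search: names of every enrolled faceprint within the threshold."""
    return sorted(n for n, fp in gallery.items()
                  if distance(probe, fp) <= threshold)

def p_any_false_match(fmr, gallery_size):
    """Chance that at least one of N comparisons falsely matches.
    Assumes each comparison is independent with the same false match rate."""
    return 1.0 - (1.0 - fmr) ** gallery_size

def build_demo():
    """Constructed data: random 'faces', not real biometric measurements."""
    rng = random.Random(2018)
    gallery = {f"person{i}": [rng.random() for _ in range(NODAL_POINTS)]
               for i in range(200)}
    owner = gallery["person0"]
    # Lookalike: a different person whose every measurement is 0.05 off.
    gallery["lookalike"] = [v + 0.05 for v in owner]
    # Probe: a new capture of person0 with small sensor noise (at most 0.01).
    probe = [v + rng.uniform(-0.01, 0.01) for v in owner]
    return gallery, probe

if __name__ == "__main__":
    gallery, probe = build_demo()
    # A strict threshold returns only the right person; a loose one, chosen
    # to tolerate poor images, also returns the lookalike.
    print("strict threshold 0.3:", identify(probe, gallery, 0.3))
    print("loose threshold 0.6: ", identify(probe, gallery, 0.6))
    # The same per-comparison error rate at three database sizes.
    for n in (1, 1_000_000, 1_000_000_000):
        print(f"gallery of {n:>13,}: P(false match) = "
              f"{p_any_false_match(1e-6, n):.6f}")
```

An error rate that is negligible for unlocking one phone against one enrolled face becomes a near certainty of at least one false match when the same comparison is repeated across a national-scale database.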

In terms of cyber security incident reduction, hackers are working on their own profit margin. If they have to spend too much time and energy trying to break in, it's not worth it for them. Two-factor authentication reduces the number of hacks simply because the two-step process, usually a password and then an SMS or a biometric parameter, takes more time and effort on the part of the hacker. It's therefore less cost-effective for them to pursue.

That is, unless these systems are now becoming easy to break into and the India incident represents the future of biometric data. Hitting hackers where it hurts, in the pocket, remains to date the most effective way to slow them down, so increasing the standard of biometric authentication will only bring enhanced security.