Are biometrics the future for mobile authentication?

Is your data secure behind your fingerprint ID?
Is your data secure behind your fingerprint ID?

Past attempts to introduce biometrics into business have proved futile. When laptops featured fingerprint scanners years ago, one expert was able to bypass security using a gummy bear.

But now, improved and more accurate touch scanners are bringing biometrics back into the security domain. The convenience of Apple's iPhone TouchID technology has appealed to the mass market, making it increasingly likely to appear in a corporate setting.

Apple TouchID

Apple's TouchID system

The idea of fingerprint scanners is also backed by vendors including Microsoft as an improvement to static passwords. As such, Windows 8.1 gives users the option to switch accounts and to pay for apps using this method. Meanwhile, Fujitsu is using fingerprint scanners on some of its laptops in Japan.

In the smartphone space, a wide range of devices - such as those made by HTC and Samsung - are likely to introduce scanners in the near future, while Google's Android has already dipped its toes into biometric authentication.

Some businesses will look into multimodal biometrics, which features multiple methods of identifying the user, bringing down the potential for error. Devices such as the Xbox One are already doing this by combining elements including voice and facial recognition.

Mobile devices are thought to be the next big driver for biometrics, so it's not surprising that authentication based on behaviour is another growing area. This type of biometrics can be based on elements such as typing behaviour, Thomas Bostrom Jorgensen, CEO of security vendor Encap, says: "The way you type can be used to build a profile and the device can then recognise the user."

Bypassing biometrics

So how easy are mobile biometrics to bypass? The security community isn't convinced by their viability.

In September, the German Chaos Computer Club (CCC) claimed to have defeated Apple's scanner using a latex copy of a fingerprint. The group thinks that it is "plain stupid" to use a method of authentication "that is left around every day".

"We have said now for years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints," a hacker with the nickname Starbug said at the time.

Therefore, on their own, scanners such as those used by Apple are just "security theatre", says Jon Inns, Director of Project Management at security company Accumuli."Even with TouchID enabled you still have a PIN on the iPhone 5s; the fingerprint doesn't replace that entirely – so fundamentally we're still securing sensitive information with a password," he says.

Scanners

Biometrics can be bypassed; it depends on the scanner's accuracy, Adam Badaoui, Cyber-Security Consultant at Information Risk Management, says. He adds that iris scanning, where authentication is based on a person's eye, is probably the most accurate method.

Biometrics that use what is dubbed 'local' features are also thought to be more secure, but they are complex to achieve. The first step is to capture the image; then processing is done to enhance it and make sure it's read. Next, 'binarization' takes the image and represents it in a digital form, after which the picture must be thinned down. This a complicated process using multiple algorithms.

Biometrics can also be expensive and it is therefore unlikely they will be adopted on a massive scale just yet. However, with Apple, Microsoft and Google's Android on board, it is likely this form of authentication will start appearing on an increasing number of mobile devices. When biometrics does become widespread, it will come as part of a business' layered security strategy along with mobile device management (MDM) tools, rather than forming a standalone method of authentication.

Latest in Security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Latest in News
A young woman is working on a laptop in a relaxed office space.
I’ll admit, Microsoft’s new Windows 11 update surprised me with its usefulness, providing accessibility fixes, a gamepad keyboard layout, and PC spec cards
inZOI promotional material.
inZOI has become the most wishlisted game on Steam, but I wouldn't get too caught up in the hype
Xbox Series X and Xbox wireless controller set to a green background
Xbox Insiders are currently testing a new Game Hub feature that looks useful, but I've got mixed feelings about it
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Nespresso Vertuo Pop machine in Candy Pink with coffee drinks and capsules
My favorite Nespresso coffee maker just got a fresh new makeover, and now I love it even more
Microsoft Surface Laptop and Surface Pro devices on a table.
Hate Windows 11’s search? Microsoft is fixing it with AI, and that almost makes me want to buy a Copilot+ PC