Biometrics authentications are good for physical security but ruin the security of password protection and generate a false sense of security in cyber space. Deployed with a fallback password against false rejection, they provide the level of security that is even poorer than a password-only authentication as illustrated in the video - Biometrics in Cyber Space - "below-one" factor authentication ( https://youtu.be/wuhB5vxKYlg ).
Elsevier's "Biometric Technology Today" has now published an article of mine titled "Biometrics: great technology for physical security, probably big mistake for cyber security?" in the May/2016 issue as announced at
http://www.sciencedirect.com/science/article/pii/S0969476516300881
The conclusion of the article is “In summary, based on this analysis, in most cases authentication by biometrics provides poorer security than pincode or password-only authentication. And given that a false sense of security is often worse than the lack of security, I would like to put forward these suggestions: the vendors of smart devices who are conscious of the privacy and security of consumers could tell consumers not to turn on the biometric functions; consumers who are concerned about their privacy and security could refrain from activating the biometric backdoors; and the deployment of biometric solutions could instead be recommended where consumers can accept ‘below-one’ factor authentication in return for better convenience.”
-------------------------------------------------------
Similar articles of the same tenor have been published or taken up by
- Payments Journal: Misuse of Biometrics Technology
http://www.paymentsjournal.com/Content/Blogs/Industry_Blog/30986/
- Information Security Buzz: Misuse of Biometrics – Blind Spot in Our Mind and False Sense of Security
http://www.informationsecuritybuzz.com/articles/misuse-biometrics-blind-spot-mind-false-sense-security/
Misuse in Cyberspace of Biometrics Discussed on Media
1. - Misuse in Cyberspace of Biometrics Discussed on Media -
Elsevier's "Biometric Technology Today" has published an article of mine titled
"Biometrics: great technology for physical security, probably big mistake for cyber
security?" in the May/2016 issue as announced at
http://www.sciencedirect.com/science/article/pii/S0969476516300881
The conclusion of the article is “In summary, based on this analysis, in most cases
authentication by biometrics provides poorer security than pincode or password-only
authentication. And given that a false sense of security is often worse than the lack of
security, I would like to put forward these suggestions: the vendors of smart devices
who are conscious of the privacy and security of consumers could tell consumers not to
turn on the biometric functions; consumers who are concerned about their privacy and
security could refrain from activating the biometric backdoors; and the deployment of
biometric solutions could instead be recommended where consumers can accept ‘below-
one’ factor authentication in return for better convenience.”
-------------------------------------------------------
Similar articles of the same tenor have been published or taken up by
- Payments Journal: Misuse of Biometrics Technology
http://www.paymentsjournal.com/Content/Blogs/Industry_Blog/30986/
- Information Security Buzz: Misuse of Biometrics – Blind Spot in Our Mind and
False Sense of Security
http://www.informationsecuritybuzz.com/articles/misuse-biometrics-blind-spot-mind-
false-sense-security/
- SC Magazine UK (1): False sense of security spreading on a gigantic scale
http://www.scmagazineuk.com/false-sense-of-security-spreading-on-a-gigantic-
scale/article/478372/#disqus_thread
- SC Magazine UK (2): Biometrics deployed with a fallback password: statistics on false
sense of security
http://www.scmagazineuk.com/biometrics-deployed-with-a-fallback-password-statistics-
on-false-sense-of-security/article/485434/
- Forbes: Even Poor Biometrics Are Better than No Security At All
http://www.forbes.com/sites/tonybradley/2016/03/21/even-poor-biometrics-are-better-
than-no-security-at-all/#1e8840404bc2
- ProgrammableWeb : FBI Apple Debacle Is a Reminder of How Fingerprint Sensors
Actually Worsen Security
http://www.programmableweb.com/news/fbi-apple-debacle-reminder-how-fingerprint-
sensors-actually-worsen-security/analysis/2016/04/04
2. - ValueWalk (1): iPhone Encryption – Bio-metrics More Vulnerable To Backdoor Than
Password
http://www.valuewalk.com/2016/03/iphone-encryption-biometric-backdoor/
- ValueWalk (2): How To Hack The Security Of Smartphones
http://www.valuewalk.com/2016/03/how-to-hack-the-security-of-smartphones/?all=1
- CloudTweaks: WHAT TECHNOLOGY CAN DISPLACE THE PASSWORD?
http://cloudtweaks.com/2016/03/technology-displace-password/#wpautbox_latest-post
- HackRead(1): FBI identifies WhatsApp as next target while court case with Apple
goes on
https://www.hackread.com/fbi-identifies-whatsapp-as-next-target/
- HackRead (2): Backdoor on Your Smartphone Already Exists — Explained
https://www.hackread.com/backdoor-on-smartphones-already-exists/
- Top Tech News: Peril of Backdoor on Smartphones -- Blind Spot in Our Mind &
False Sense of Security
http://www.toptechnews.com/article/index.php?story_id=1300029WZHNC
- CIO Today: Peril of Backdoor on Smartphones: Blind Spots in Our Mind
http://www.cio-today.com/article/index.php?story_id=0110006XJ2BO
- Point of Sales: How Biometrics Can Weaken Security On A Device
http://pointofsale.com/2016040510437/Point-of-Sale-News/How-Biometrics-Can-
Weaken-Security-On-A-Device.html
26th May, 2016/
Hitoshi Kokumai