Biometric authentication is a growing part of the tech landscape — it’s in our schools, offices, airports, government buildings, and more recently, in our smartphones. Apple’s introduction of Touch ID in 2013 has paved the way for fingerprint-, face-, and iris-recognition technology to leave the almost exclusive domain of law enforcement and emerge into the mainstream as a way to authenticate your identity and access accounts and physical spaces.
But while biometric data and its applications have taken the fast lane to success, their use also raises new issues around security and privacy that must be considered and managed. There are major risks that are unique to biometric authentication that aren’t present with other forms of authentication, such as passwords. Namely, you can always change your password if it leaks — but what if your password is your face? In this article, we’ll talk about how to understand such risks and mitigate them.
- How biometric authentication works
- Benefits of using biometric authentication
- Risks associated with biometric authentication
- How Proton Mail applies biometry
- How to keep your biometric data safe
How biometric authentication works
Biometry refers to the measurement and analysis of an individual’s physical traits, such as fingerprints, iris patterns, or even the way a person walks (as in “gait recognition”). This information is digitized by converting the physical characteristics (the ridges on a fingerprint, for example) into biometric templates comprised of data points based on specific formulas.
When a device or service uses biometry for authentication, the primary purpose is to verify that a person is who they claim to be by comparing their biometric data with previously collected and stored data.
There are several ways in which biometric data may be stored and processed, such as through database servers, encrypted tokens, or physical tokens. Typically smartphones use on-device storage of biometric templates, which ensures authentication occurs without any data being sent to a server. Thus, the biometric data remains secure as long as the device itself is not compromised.
Benefits of using biometric authentication
There are good reasons biometric authentication has expanded so rapidly. Here are the main ones:
Simplicity and convenience for the user
The overwhelming simplicity, at least from a consumer perspective, is a significant factor in the growing popularity of biometric authentication. After all, it’s much easier to place your finger on a scanner than to type in a 20-character password.
Higher authenticity
Biometry may provide greater levels of authenticity for users prone to weak passwords and PINs, which may be common to multiple users or easily shared. Fingerprints and iris patterns, however, are difficult to share or replicate (but not impossible). Unique identifiers are a necessary element for many applications, such as payments or access to secure spaces, making biometry the preferred choice.
Affordability
Technological advances have brought down the cost of components so that biometric authentication is now possible in a wide range of implementations. Consider Delta Air Lines, which offers an optional biometric check-in process to their fliers from curb to gate, saving passengers nine minutes per flight(nuova finestra).
Shoulder surfing
Hackers can try to break into your device or accounts by watching you as you enter your PIN code or unlock pattern. This is known as a shoulder surfing attack. Biometric authentication can help you be more resistant to this type of attack.
Risks associated with biometric authentication
Sometimes the submission of biometrics to a data controller is required as a condition for receiving services or benefits(nuova finestra), which begs the question: What is the cost of such convenience? The use of biometric data in a world where cybercrime is at an all-time high(nuova finestra) naturally comes with risks. Here are some of them:
Vulnerability to data breaches
It is well established that organizations that collect and store users’ personal data are under constant threat from hackers. Even as Delta collects biometric information about its passengers, the airline sector has been plagued(nuova finestra) by data breaches(nuova finestra).
Because biometric data is irreplaceable, corporations need to treat it with the utmost caution. If one’s password or PIN were to be compromised, there is always the possibility of resetting it. But the same cannot be said for one’s face, fingerprints, or irises.
Tracking and permanent digital records
Biometric authentication is still in its early stages, yet it already poses serious questions about privacy. When biometrics are stored server-side, particularly in jurisdictions subject to surveillance(nuova finestra) and secret warrants(nuova finestra), you risk leaving a permanent digital record or potential tracking by government authorities.
For instance, it is well known that during the recent Hong Kong protests, the government used facial recognition to track protesters(nuova finestra). As CCTV proliferates, your biometric data can become a permanent digital tag that authorities can use to identify and track you for the rest of your life.
False positives
Biometric authentication methods often rely on partial information — i.e., a finite number of data points — to authenticate your identity. For example, in 2018, a team from New York University trained an AI neural network to fraudulently crack fingerprint authentication(nuova finestra) at a success rate of 20%. They relied on the fact that most fingerprint scanners only scan a portion of the finger. Common elements can be used to fool them into mistaken authentication in a manner similar to a dictionary attack(nuova finestra).
To counter false authentication, such as unlocking Face ID when the user is asleep, Apple uses “liveness” detection. While Face ID stood up well against the 3D-printed head hack that beat several Android devices(nuova finestra), researchers eventually managed to find a way around it(nuova finestra).
Bias and inaccuracy
Not all facial recognition models are created equal, and even the best of them aren’t perfect. For example, the OnePlus 6 face unlock feature relies on the front camera and isn’t as secure(nuova finestra) as the Oppo Find X or Huawei Mate 20 Pro, which use 3D Infrared depth mapping(nuova finestra).
Even Apple’s Face ID, which builds a 3D depth map of your entire face using a 30,000-point dot matrix(nuova finestra), left the company red-faced when it failed to tell apart a Chinese woman from her colleague(nuova finestra), and subsequently a Chinese boy from his mother(nuova finestra), among others. Apple was slammed for racial bias(nuova finestra), indicating that they need to include more factors to perfect such features.
How Proton Mail applies biometry
Because biometric authentication is inherently risky, Proton does not use it for account login. To access your Proton account, you must provide your password.
We also recommend turning on two-factor authentication (2FA), which requires you to enter an additional piece of information — a time-based, one-time password generated by an app on a device you own — before accessing your account. With 2FA enabled, even if your password is compromised, a hacker cannot log in to your account without also gaining access to your device.
Once you log in to your account, you may choose to add an extra layer of protection to your Proton Mail app in your app settings. In both iOS and Android, you can choose to lock the app and require a PIN code or biometric authentication after the app has been unused for a given amount of time. This provides both extra security along with convenience in a relatively low-risk scenario (i.e., you already have an active session on your device). Authentication takes place locally, so no biometric data is ever sent to our servers.
In Proton Mail for iOS, enabling Face ID, Touch ID, or PIN protection also turns on the AppKey Protection System(nuova finestra), which is an extra layer of encryption for your Proton Mail data, defending against certain kinds of malware and forensic attacks.
Of course, the security decisions you make depend on your threat model. Using biometric authentication is not as safe as using a passcode or logging off every time. But these solutions are worse from a usability perspective. Users with heightened threat models should also consider the implications of enabling biometric authentication when crossing borders or engaging with law enforcement.
Learn how to choose a strong password(nuova finestra)
Learn how to protect your device when crossing borders(nuova finestra)
How to keep your biometric data safe
Here are some final tips to keep in mind when using biometric authentication:
- Use two-factor authentication (2FA) as much as possible. Here’s how to set up 2FA in Proton Mail(nuova finestra).
- If any device or service asks for your biometric information, check to ensure your data is stored locally on the device and not on a cloud-based server or transmitted over the network.
- Be aware of situations like music festivals or sporting events where biometric identification is collected(nuova finestra).
- As a standard practice, avoid clicking on suspicious links or installing unverified third-party apps on your device.
Our mission is to build a safer Internet, and being informed about how your data is protected can empower you to make better decisions about the services you use. If you have any questions or comments about biometric authentication, feel free to join the discussion on our social media channels.
Best Regards,
The Proton Mail Team
You can get a free secure email account from Proton Mail here(nuova finestra).
We also provide a free VPN service(nuova finestra) to protect your privacy.
Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan(nuova finestra). Thank you for your support.