If you log into your phone or computer using Face ID or your fingerprint, you’re using biometric data to authenticate your identity. It’s an easy and secure login method because it only requires something you are, not something you remember. Biometric data is made up of your specific physical characteristics, such as your face, your voice, or your fingerprints, which can feel safer.
Logging into an app stores your biometric data locally on your device using the operating system, making it a reliable way to use your biometric data safely. But it’s also possible for biometric data to be collected and used dangerously. Hackers can still steal this type of data from insecure apps and by gaining unauthorized access to social media accounts or drives; it’s harder to get access to than your passwords, but a lot more damaging to lose control of. We’ll explain how to protect your biometric data with a few easy steps.
What is biometric data?
Biometric data is information derived from a your unique physical or behavioral characteristics that can be used to identify or verify who you are. This can include fingerprints, facial features, iris or retina patterns, DNA, voice, typing rhythm, walking style, or how you sign your name. Biometric logins have become popular in consumer tech because they make it faster and easier to access your devices.
Because these traits are uniquely tied to an individual, biometric data is often used for security and authentication, like unlocking phones or passing through border control. It’s considered highly sensitive since misuse or breaches can have irreparable impact on your personal privacy.
What is biometric data used for?
Here are some ways biometric data helps make things more convenient:
Identity management
One of the most common use cases for biometric data is logging into a device. To prevent anyone accessing your phone or your laptop without permission, your device can use an identity check to confirm that you’re you. This process is called identity management, and it can apply to both your personal and work accounts.
Any device that asks you to enter a password or a PIN, scan your finger, or use a security key such as a Yubikey is using identity management to make sure that no one else can access your device. When it comes to business accounts, this is an important aspect of protecting sensitive data and the business network more broadly.
Enhanced security
Passwords don’t always go far enough when it comes to account protection. Deploying two-factor authentication is a way to create an extra verification layer, ensuring that you have to supply at least two types of identifying information: a password and something else, like a code sent to a 2FA app.
Using your biometric data to log in is a good way to strengthen your account security because it’s much harder for a hacker to get access to, especially if the biometric data is stored locally on your device. This is ideal for important accounts such as online bank accounts, government service portals, and healthcare providers.
Easier logins
Biometric logins are easy to use, which is why they’ve grown in popularity in recent years. Simply using Face ID or your fingerprint to log into your phone is easier than remembering a PIN or a password. Your biometric data doesn’t change, so being locked out of your accounts is unlikely. Most consumer and professional devices now give you the option to use one or multiple types of biometric data to because of this convenience.
What types of biometric data are commonly collected?
Many types of biometric data can be collected, but not all of them have day-to-day applications. For example, your DNA and your body scent can be mapped, but neither is particularly easy to capture or check, so they’re not used widely. Instead, consumer tech relies on four types of biometric data:
Fingerprint: Your fingerprint can be used to unlock smart devices and grant access to secured buildings such as offices. Fingerprints are the oldest form of biometric identification humans have collected, used for centuries to sign contracts and for forensic investigation.
Face: Many devices such as iPhones give you the option to unlock your phone with your face. CCTV, facial recognition technology, and border control systems can also be used to identify you.
Iris: Similarly to facial recognition, your iris can be mapped and used as a form of biometric data. This technology is currently less widespread than facial recognition, but it’s being used by some law enforcement agencies, fraud prevention agencies, and consumer tech businesses.
Voice: Your voice is also a form of biometric data. Smart home devices and speakers that respond to your voice, such as Amazon’s Echo devices and the Google Home Speaker, create a ‘voice print’ using the sound and rhythm of your voice.
In the future, it’s possible we’ll see new forms of biometric data collected and used as login methods as technology advances. Until then, these are the types you’ll be asked to create by most devices, applications, and services.
Are there any concerns about biometric data?
While useful and safe to use for login purposes, improper use of biometric data can risks to your privacy and security:
Identity theft
Biometric data is sensitive because it’s tied to your identity. With your face and your fingerprint, someone could theoretically apply for government services, open bank accounts, and commit fraud in your name. For this reason, biometric data is regulated like any other type of personal data, by bodies such as the ICO in the UK, the GDPR in the EU, and the FTC in the US. In the UK and the EU, biometric data that can be used to identify an individual is classified as special category information, which receives extra legal protection and limits who can collect it and how long it can be stored.
Corporate misuse
Concerns are growing when it comes to companies attempting to collect biometric data. In 2023, ChatGPT founder Sam Altman launched a crypto venture called Worldcoin(neues Fenster) that saw applicants receive free crypto tokens in return for having their irises scanned. Altman claimed that iris scans would allow users to verify their human status on the blockchain safely, as well as partnering with businesses including Visa and Tinder.
However, squeamishness over exactly why the business needed iris scans and how it would use them prevented the venture from really taking off. The company has since ceased operations(neues Fenster) in multiple countries, and rollout was ironically delayed in the US.
Companies aren’t just asking you for your biometric data, they can collect it passively. The Google Play store asks for your fingerprint when you make a purchase, allowing Google to verify that it’s you making purchases by connecting your biometric data to your purchase history. This is useful for building profiles of your activity that can then be used for targeted ads.
Social engineering and deepfakes
Videos you upload to Instagram or your Google Drive can contain valuable biometric data like your face and voice, which could be collected by bad actors or third parties looking to sell to data brokers. It’s also possible to make deepfakes using photos and videos, which can be used for blackmail. Ultimately, your biometric data is just as valuable (if not more) as data such as your passwords and email address.
How to protect your biometric data
Staying in control of your personal data and protecting your online privacy are essential in a world where more sensitive information is being collected than ever before. Thankfully, you don’t have to be a tech expert to be careful on the internet. There are simple steps you can take to protect your biometric data:
- When it comes to biometric unlock for apps, be sure that any apps you use biometric logins for use system-level authentication and verify their data sharing permissions.
- Disable biometric unlock in high-risk situations where authorities may legally compel device access, such as border crossings. For example, when crossing US borders(neues Fenster), officials may require you to unlock your phone with Face ID or your fingerprint. They’re able to do this without your consent(neues Fenster), so a password or a PIN is a safer choice because it’s harder for them to enforce compliance.
- Share photos and videos online with caution: consider making your social media accounts private so that you control who can see your posts, and use a secure drive to store anything personal.
Protect your biometric data with Proton
Ultimately, it’s impossible to fully opt out of using technology that collects your biometric data, but you can control where you store it and what you use it for. The right tools make this easier by building security and privacy into every step, both at work and at home.
Biometric data can be found in sensitive files like ID photos, password scans, videos with your face, and voice recordings, which are commonly targeted by actors looking to collect, process, and exploit biometric data. Proton Drive is an end-to-end cloud storage solution that keeps your files private. You can store files securely, protecting them from third parties, including advertisers and hackers. Files can be shared with friends, family, organizations without worrying about who can access them: only those with permission can access your files.
Securing all of your online accounts is also essential for protecting your data. Proton Pass is an end-to-end encrypted password manager that protects your passwords, email address, and other sensitive data. You can adopt 2FA, create strong passwords, create email aliases, create identities for work and home, and even share passwords securely. Proton Pass also supports biometric unlock using your device’s built-in security features. Your biometric data is never accessed, stored, or processed by Proton. It remains securely stored on your device and is only used to unlock your encrypted vault locally.
Available on any platform and any device, Proton Pass and Proton Drive are ideal tools for taking control of your biometric data.
Choosing platforms that minimize data collection and give you control over how your data is used helps protect your sensitive information like biometrics.
