Fingerprint Sensor Myths

As the Internet of Things continues to grow, more and more of our personal and business matters are being handled online. Thus, the internet is becoming a hotbed for cyber attacks, demonstrated by the various hacking stories in the news lately. Smartphones and PCs are often targeted since they usually contain a wealth of personal data. Thus fingerprint sensors are being implemented on these devices in order to properly identify and grant access to the legitimate owner.

But with new technology comes new concerns and critiques. Some people believe that fingerprint sensors are not as secure as they are being touted, while others believe the concept is simply not feasible. Here are some of the most common myths about this biometric technology.

Myth: It’s easy to spoof a fingerprint.
Despite its portrayal on the big screen, taking a high-resolution photo of a fingerprint or recovering a latent print would be extremely difficult. This method is known as an “attack spoof” and, because of its challenging nature, would not be a method that a criminal would likely use. With the exception of an extremely high-value target, it simply would not be worth the effort.

The main reason this myth persist is because this process can be easily demonstrated with a willing participant. You can create a spoof of your own fingerprint by creating a mold with various substances, including glue or clay. Fortunately, new anti-spoofing algorithms are constantly working to combat this.

Myth: Optical sensors are less secure than capacitive sensors because they store the actual fingerprint image.
Optical sensors do NOT store the complete fingerprint image. Instead, the biometric information is converted into a “template”. This template retains certain parameters while discarding the rest, and is then encrypted when the abstract data is stored. Since it is not a complete image, even if the fingerprint template is somehow retrieved, recreating a fingerprint from the template data is not possible. This applies to both optical and capacitive sensors.

Myth: If a bad guy gets the fingerprint image off of your phone or PC, he can use it to access your phone.
As previously mentioned, fingerprint images are not stored on your smartphone or PC, therefore, they cannot be stolen from your device.

Myth: Multi-factor biometric security on mobile devices is hard and/or expensive to do.
There is some truth to this. Mobile devices already have fingerprint sensors and front-facing cameras, so we can expect to see an increase in multi-factor authentication based on your fingerprint and face. Other combinations (e.g. iris and voice recognition) will likely follow.

Now comes the hard part. The algorithms that combine multiple biometric factors into a single trust score need to be thoroughly verified. While this is a complex process, expect to see it become available in the near future. When that happens, we will see a strong network in place that supports multi-factor authentication across various platforms and applications.

Myth: Contextual factors aren’t enough to secure a mobile device.
This statement should read that contextual factors “alone” are not enough to secure a mobile device. When combined with biometric authentication, contextual factors can be part of a smart and strong security solution. For example, smartwatches can stay unlocked until you take them off, offering convenience and security. Contextual factors, such as location, proximity, room monitoring, etc., will allow your device to remain unlocked as long as you are in your office, or to authorize transactions without additional authentication.

Myth: Fingerprint sensors have to be on the home button or back of the smartphone.
Fingerprint sensors are available in a broad range of form factors, including slim sensors that fit within the power button. New sensors also work under the cover glass and detect fingerprints so that the physical home button can be eliminated, thus enabling edge-to-edge infinity displays. We may eventually see solutions in which the entire display contains sensors, allowing an effective fingerprint scan from anywhere on the screen.

Myth: Biometric authentication is just for security.
This technology is not only used for security, but can also enhance the user experience. For example, if you are driving a car that uses a fingerprint scan on the start button, it may adjust preferences (e.g. seat, mirrors, infotainment) to match the user. In the case of a smart home, a fingerprint scan may unlock a door, trigger preferred lighting and music settings, and possibly restrict access to certain home features (for time-shares or rentals).

Myth: Optical sensors are too big/power-hungry for fingerprint scanning in a mobile device.
Thanks to technological advances, optical sensors are small and efficient enough to be used in mobile devices. Some optical sensors can generate more in-depth fingerprint images which allow for more details to be used in the fingerprint template.

Myth: All fingerprint solutions are equal, so cost should be the deciding factor.
Fingerprint-sensor providers offer a range of solutions utilizing different technologies (e.g. capacitive vs. optical) with varying security levels, form-factor options, power consumption, durability, and software. It is best to look at the specifications of both the hardware and software involved before making your decision, rather than basing your decision solely on cost.

Myth: Biometrics are too difficult/too expensive to manage for use in enterprise environments.
When it comes to enterprise environments, fingerprint solutions are actually more secure than username/password configurations. With fingerprint solutions, the need for password resets or IT support calls are eliminated. Because of this, maintenance and support for these systems is easier, which is crucial in today’s cloud-based business world. And updating PCs is simple via a peripheral USB dongle-based fingerprint sensor, or a mouse with embedded fingerprint sensor.

Myth: Encryption is enough to protect a fingerprint template file.
Encryption is used to protect the template file while it is being stored, generally in a small amount of non-volatile RAM (NVRAM). However, more protection is necessary for when the template must be decrypted, for example, during the testing for a match. These security architectures can include match-on-host solutions, secure element, and match-in-sensor solutions.

What are your thoughts on the future of fingerprint sensors and biometric technology? Connect with us on Facebook, Google+, Twitter, LinkedIn, and Pinterest.

Invest in your security and safety when you shop at SecurityCamExpert.com. Find CCTV surveillance cameras, DVRs, NVRs, and more to monitor and secure your home or business. Call 888-203-6294 to learn more!