Sunday, 12 March 2017

Fingerprint Readers May Not Be Your Most Secure Option


Fingerprint readers are a quick, reliable and convenient method of encouraging users to secure their devices. At a time when we trust more and more of our essential and personal data to our smartphones it becomes more and more important to keep them locked to deter the sort of thief who is after more than just the monetary value of the phone itself.

However well they deter the opportunistic they also open an attack vector to the more determined miscreant: forced fingerprint use.

How easy is it to force someone to unlock their device with a fingerprint? Very easy indeed.

Take a look at all the information you currently access via your phone. Bank accounts, medical records, email accounts which open the door to dozens of other systems via password resets or two-factor authentication.

In future I don't believe a fingerprint will be a sufficiently robust form of security on its own. Especially given the success researchers have had in lifting fingerprints from physical items and even photos of fingers.

So what's the answer? I think we'll need to see some form of double biometric authentication in the future - maybe fingerprint and iris recognition. Perhaps simultaneously.

It won't be as convenient as unlocking the device as you turn it on, but it will be an awful lot more secure.

No comments: