Step-by-Step Analysis of Why and How Biometrics Brings Down Security
This is a follow-up to my earlier post – “Reality that so many security experts opt to not speak”
- Biometrics is probabilistic; it measures unpredictably variable body features of living animals in ever-changing environments.
- Therefore, biometrics does not escape the trade-off between False Acceptance (False Match/False Positive) and False Rejection (False Non-Match/False Negative), an outline of which is shown in the graphs above.
- The presence of False Rejection forces a fallback measure to be pre-provided in case the correct user gets rejected.
- Biometrics and a fallback measure need to be used together in a ‘multi-entrance’ deployment, as opposed to a ‘multi-layer’ deployment. The former increases the attack surface (= brings down defense), while the latter decreases it (= brings up defense).
- Unless the default password/PIN is disabled so that it cannot work as a fallback measure (with availability sacrificed), the overall security is lower than that of the default password/PIN used on its own.
As such, the problem is not that biometrics is less secure than it is claimed to be, but that biometrics destroys the defense that a default password/PIN would otherwise have provided.
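The multi-entrance versus multi-layer comparison can be checked numerically. The following Python code is an added example, not part of the original post; the Gaussian score distributions, the PIN-guess probability, the independence of the two attacks, and all function names are constructed assumptions.

```python
from statistics import NormalDist

# Constructed, illustrative matcher model (an assumption, not measured data):
# similarity scores for genuine users and impostors are normally distributed.
GENUINE = NormalDist(mu=0.80, sigma=0.08)
IMPOSTOR = NormalDist(mu=0.45, sigma=0.10)

def far(threshold):
    """False Acceptance Rate: impostor score at or above the threshold."""
    return 1.0 - IMPOSTOR.cdf(threshold)

def frr(threshold):
    """False Rejection Rate: genuine score below the threshold."""
    return GENUINE.cdf(threshold)

def multi_entrance(p_bio, p_pin):
    """Either factor opens the door (OR): the attacker needs one success."""
    return 1.0 - (1.0 - p_bio) * (1.0 - p_pin)

def multi_layer(p_bio, p_pin):
    """Both factors are required (AND): the attacker needs two successes."""
    return p_bio * p_pin

def compare(threshold, p_pin):
    """Attacker success and genuine-user lockout for each deployment.

    Assumes attacks on the two factors are independent and that the
    genuine user always knows the PIN (hypothetical simplifications).
    """
    p_bio = far(threshold)
    return {
        "far": p_bio,
        "frr": frr(threshold),
        "pin_only_attack": p_pin,
        "entrance_attack": multi_entrance(p_bio, p_pin),
        "layer_attack": multi_layer(p_bio, p_pin),
        "entrance_lockout": 0.0,          # the PIN fallback rescues the user
        "layer_lockout": frr(threshold),  # a false rejection has no fallback
    }

if __name__ == "__main__":
    P_PIN = 1e-4  # constructed: chance that an attacker's PIN attempt succeeds
    for t in (0.55, 0.65, 0.75):
        r = compare(t, P_PIN)
        print(f"t={t:.2f} FAR={r['far']:.2e} FRR={r['frr']:.2e} "
              f"PIN-only={r['pin_only_attack']:.2e} "
              f"OR={r['entrance_attack']:.2e} AND={r['layer_attack']:.2e}")
```

Raising the threshold lowers FAR but raises FRR, and at every threshold the OR deployment is weaker than the PIN alone while the AND deployment is stronger at the cost of locking out falsely rejected users.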
For Achieving Solid Digital Identity on Information Security Buzz (Mar/2021)