The idea of using biology for security sounds like something out of a spy novel or sci-fi movie. Accessing valuable data via an iris scan or starting a car with nothing more than a read of the driver’s fingers seems like a thrilling future, free from unsecure keys or passwords. Unfortunately, this is a misleading train of thought. If you replace your passwords with biometrics, you could be putting yourself at greater risk.
Fingerprint scanners are a common method of biometric security. Your smartphone or laptop likely offers the option to scan your thumb instead of entering a password. However, fingerprint security, at its core, is flawed. People say every fingerprint is unique, but there is no scientific evidence to support this claim. In 1892, when anthropologist Sir Francis Galton suggested it was unlikely two individuals would have the same fingerprints, he offered no concrete data to back up this hunch.
This doesn’t mean iris scanners or DNA locks are any better. Biometrics aren’t secure from a legal standpoint. A password is knowledge, and the Fifth Amendment of the U.S. Constitution protects citizens from information they know that might be used against them. However, as chief technologist of the Center for Democracy and Technology, Joseph Lorenzo Hall, warns, “A biometric factor is not in your head. It’s not mediated by knowledge.” Therefore, you can be legally compelled to put your eye to an iris scanner or provide a sample of your DNA.
The greatest downside to biometric security is that these elements are literally irreplaceable. If your password or credit card number gets leaked to an unfriendly source, you can change it. A new credit card number can be assigned to you, but you can never get new fingerprints if criminals steal your biometric records.
It’s easy for this information to get out, too. In 2015, the Office of Personnel Management was hacked, and hackers stole the fingerprint files of over 5.6 million government employees. Even if you don’t have your biometrics stored somewhere, a criminal can steal this information with relative ease. A close-up picture of your face can provide enough data for an iris scan, and fingerprints can be easily lifted from your morning cup of coffee. Biometrics might seem like the future of security, but you’re really just offering criminals easy access to your data and your very identity.