As I skimmed through this article I was reminded of the reality of biometrics. It is a statistical algorithm designed to compare what was registered to what was just sensed. It is an imprecise process. The author reminds us of the importance of our identity in each and every interaction we engage in. She further ponders the question of the potential threats to the biometric solutions that countries, people and enterprises are embracing, as we work to address the questions of Authentication and Identification in our complex digital and physical world.
The article asks the questions:
- Do the countries and enterprises understand the technology and processes used to support biometrics as a means of authentication?
- Do they appreciate the need to secure and protect this most sensitive of data?
- Is the data they store able to be used to compromise the individual or the integrity of that which it seeks to protect?
- Are we at risk of creating a surveillance society?
Finally, there is the question of the accuracy of biometric matching. It is interesting to observe the comparison of the accuracy of biometric matching to PIN or password matching. We all recognize the challenges of PINs and passwords. It is not the concept; it is the question of how many complex PINs or passwords the human mind is capable of retaining without writing them down or storing them someplace that can be compromised.
As I have argued in other blogs, the answer must be in the possession of something unique which has a False Reject Rate (FRR) and a False Accept Rate (FAR), both approaching zero. Clearly the PIN or password has such a characteristic; the challenge is in remembering so many. An object or a thing, “Something You Have”, be it a card, phone, watch or bracelet with a Restricted Operating Environment inside (e.g. secure element, TEE or TPM), secured using strong cryptography, paired with a biometric makes the most sense.
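
To make the FAR/FRR contrast above concrete, here is an added example (not from the article or this post) that measures both rates for a threshold-based biometric matcher and for an exact-match secret. The similarity scores, the PIN, and all function names are constructed for illustration.

```python
import hmac

# Constructed similarity scores (0..1) from a hypothetical matcher; not real data.
GENUINE = [0.91, 0.84, 0.77, 0.69, 0.88, 0.95, 0.58, 0.81, 0.73, 0.86]
IMPOSTOR = [0.12, 0.33, 0.41, 0.27, 0.62, 0.19, 0.48, 0.71, 0.36, 0.22]


def far_frr(genuine, impostor, threshold):
    """Accept when score >= threshold. Returns (FAR, FRR)."""
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def sweep(genuine, impostor, steps=20):
    """FAR and FRR at evenly spaced thresholds from 0 to 1."""
    return [(i / steps, *far_frr(genuine, impostor, i / steps))
            for i in range(steps + 1)]


def equal_error_point(rows):
    """Threshold where FAR and FRR are closest (the equal error rate)."""
    return min(rows, key=lambda r: abs(r[1] - r[2]))


def secret_far_frr(enrolled, genuine_attempts, impostor_attempts):
    """Same two rates for an exact-match secret. The comparison itself is
    deterministic; errors can only come from guessing or forgetting."""
    def accept(attempt):
        return hmac.compare_digest(attempt.encode(), enrolled.encode())
    far = sum(accept(a) for a in impostor_attempts) / len(impostor_attempts)
    frr = sum(not accept(a) for a in genuine_attempts) / len(genuine_attempts)
    return far, frr


if __name__ == "__main__":
    for t, far, frr in sweep(GENUINE, IMPOSTOR):
        print(f"threshold={t:.2f}  FAR={far:.2f}  FRR={frr:.2f}")
    print("equal error point:", equal_error_point(sweep(GENUINE, IMPOSTOR)))
    print("exact-match secret:", secret_far_frr(
        "493817", ["493817"] * 3, ["000000", "123456", "493818"]))
```

Because the genuine and impostor score ranges overlap, moving the threshold only trades one error for the other; no threshold in the sweep drives both rates to zero, while the exact-match comparison does on this sample.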