Is it time to buy a biometric scanner?

All devices eventually will have the technology, so until then, use the ones that do

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Iden­ti­ty theft is still out there, keep­ing pace with the lat­est inno­va­tions and secu­ri­ty mea­sures, and snar­ing new vic­tims every day. With the advent of cheap­er, stand­alone, easy-to-inte­grate bio­met­ric tech­nol­o­gy for authen­ti­ca­tion, is it time to buy a fin­ger­print scanner?

What’s a bio­met­ric scanner?

Adam Levin, chair­man and co-founder of and Cyber­Scout (for­mer­ly IDT911)

Bio­met­ric tech­nol­o­gy uses phys­i­cal or bio­log­i­cal infor­ma­tion, like a fin­ger­print, reti­nal scan or heart­beat, to authen­ti­cate a person’s iden­ti­ty. You can cur­rent­ly pur­chase the most com­mon­place bio­met­ric scanner—that is, one that uses a fingerprint—starting at around $50. The scan­ner can be used to pro­tect com­put­ers and oth­er devices that sup­port bio­met­ric scan­ning technology.

Do bio­met­rics pro­vide addi­tion­al secu­ri­ty?

The short answer: Yes.

Authen­ti­ca­tion can effec­tive­ly use three things to keep the wrong peo­ple out: some­thing you know, some­thing you have and some­thing you are. We’re all famil­iar with the first line of defense. “What you know” takes the form of secu­ri­ty ques­tions, pass­words and a secu­ri­ty pic­ture, and there are var­i­ous strate­gies to keep it all straight.

Some choose to use pass­word man­agers or pro­pri­etary sys­tems like Apple’s iCloud Key­chain. Oth­ers pre­fer to have an encrypt­ed per­son­al secu­ri­ty list (logins, pass­words) stored on a cloud serv­er. Still oth­ers put “what they know” (but couldn’t pos­si­bly remem­ber) on a USB stored on a key­chain or in a safe if the infor­ma­tion is not encrypt­ed. And, yes, some go a lit­tle fur­ther, choos­ing to use a fin­ger­print-encrypt­ed dri­ve (i.e., bio­met­rics). How you man­age what you know comes down to per­son­al pref­er­ence, but the first line of defense is not fail-safe. In fact, there are hacks and breach­es all the time. (If you believe you were the vic­tim of a hack, you can view two of your free cred­it scores on for signs of iden­ti­ty theft.)

The sec­ond line of defense, “some­thing you have,” could be access to an email account, a key fob or your mobile phone. You need to have your phone in hand, for instance, to receive the ver­i­fi­ca­tion code so you can get waved through some dig­i­tal secu­ri­ty checks. This is called two-fac­tor authentication—and, yes, it’s more secure than sim­ply pro­tect­ing accounts with an alphanu­mer­i­cal password.

The last line of defense, “some­thing you are,” is a real­ly hot top­ic right now. As I men­tioned ear­li­er, in sophis­ti­cat­ed sys­tems, this might include a scan of your reti­na, your fin­ger- or hand­prints, your body weight (includ­ing ups and downs), your height, your face or all of the above. This infor­ma­tion is clear­ly spe­cif­ic to you—and not so eas­i­ly replicated—so again, it’s miles more secure that the old stan­dard pass­word or even two-fac­tor authentication.

Need­less to say, were you to imple­ment a secu­ri­ty pro­to­col that com­bined all three of the above pro­to­cols of authen­ti­ca­tion, a) crim­i­nals would have a real­ly hard time mak­ing any mon­ey, but b) we would all be frustrated.

Does it have a place in the home?

Bio­met­ric authen­ti­ca­tors have been the secu­ri­ty mode for quite some time in the mil­i­tary and wher­ev­er large amounts of mon­ey or gold or drugs or weapons are stored, as seen in count­less spy and heist movies, but they are slow­ly mak­ing their way into people’s homes.

From smart­phones to gun lock­ers to per­son­al com­put­ers, a steady march of devices is offer­ing a bio­met­ric ele­ment for the user-authen­ti­ca­tion process. One exam­ple comes by way of a new secure cred­it card being test­ed by Mas­ter­Card in a chain of super­mar­kets in South Africa. The card is able to store an encrypt­ed copy of the user’s fin­ger­print, which would make it exceed­ing­ly dif­fi­cult for a scam­mer to beat.

(Would it be impos­si­ble to beat? As with all great capers, only the crooks know for sure. There was a flur­ry of cov­er­age not too long ago about how pho­tos of peo­ple flash­ing a peace sign could lead to the theft of their fin­ger­prints, thanks to the pro­lif­er­a­tion of high-def­i­n­i­tion cam­eras. But fact-check­ing web­site Snopes list­ed the sto­ry as “Unproven,” and for good rea­son. While it is the­o­ret­i­cal­ly pos­si­ble, no crim­i­nals have been caught doing it.)

Should I buy a fin­ger­print scanner?

Here’s the rub: You won’t real­ly need to.

Unless you were born a long time ago, you may not know what an 8-track is. It came before the cas­sette tape, which pre­ced­ed the CD, which is the grand­fa­ther of the MP3. When you want to make a point about obso­les­cence, there are few bet­ter exam­ples than those clunky old tapes. I bring them up because cur­rent stand­alone bio­met­ric scan­ners are with­out a doubt the 8-track of dig­i­tal secu­ri­ty devices.

If you accept the sim­i­lar­i­ty between bio­met­ric scan­ning devices and MP3 play­ers, the answer to the ques­tion above will be crys­tal clear. These days, MP3s can be played by all the devices we use most. We’re see­ing the same thing hap­pen with bio­met­ric scanning.

Whether it’s a smart­phone, a com­put­er or MasterCard’s new fin­ger­print-encrypt­ed cards, all stripes of prod­ucts you use on a dai­ly basis even­tu­al­ly will fea­ture built-in bio­met­ric scan­ners. And, if you are buy­ing some­thing today and pre­fer devices with built-in (rather than bolt-on) secu­ri­ty, don’t despair. There already are plen­ty of choic­es out there. Case in point: Any­one with the lat­est gen­er­a­tion of a par­tic­u­lar smart­phone like­ly has the option of lock­ing and unlock­ing the device with their thumb.

Per­son­al­ly, unless and until all devices that should be secure fea­ture bio­met­ric scan­ners, I would sug­gest opt­ing for those that do—much in the same way I’d advise you to refrain from using “1234” as your pass­word. You can learn more about bio­met­ric tech­nol­o­gy, how it works (and whether it can be hacked) here.

Full dis­clo­sure: Cyber­Scout spon­sors Third­Cer­tain­ty. This sto­ry orig­i­nat­ed as an Op/Ed con­tri­bu­tion to and does not nec­es­sar­i­ly rep­re­sent the views of the com­pa­ny or its partners.

More on iden­ti­ty theft:
Iden­ti­ty Theft: What You Need to Know
3 Dumb Things You Can Do With Email
How Can You Tell If Your Iden­ti­ty Has Been Stolen?