Is it time to buy a biometric scanner?
All devices eventually will have the technology, so until then, use the ones that do
By Adam Levin, Special to ThirdCertainty
Identity theft is still out there, keeping pace with the latest innovations and security measures, and snaring new victims every day. With the advent of cheaper, standalone, easy-to-integrate biometric technology for authentication, is it time to buy a fingerprint scanner?
What’s a biometric scanner?
Biometric technology uses physical or biological information, like a fingerprint, retinal scan or heartbeat, to authenticate a person’s identity. You can currently purchase the most commonplace biometric scanner—that is, one that uses a fingerprint—starting at around $50. The scanner can be used to protect computers and other devices that support biometric scanning technology.
Do biometrics provide additional security?
The short answer: Yes.
Authentication can effectively use three things to keep the wrong people out: something you know, something you have and something you are. We’re all familiar with the first line of defense. “What you know” takes the form of security questions, passwords and a security picture, and there are various strategies to keep it all straight.
Some choose to use password managers or proprietary systems like Apple’s iCloud Keychain. Others prefer to have an encrypted personal security list (logins, passwords) stored on a cloud server. Still others put “what they know” (but couldn’t possibly remember) on a USB stored on a keychain or in a safe if the information is not encrypted. And, yes, some go a little further, choosing to use a fingerprint-encrypted drive (i.e., biometrics). How you manage what you know comes down to personal preference, but the first line of defense is not fail-safe. In fact, there are hacks and breaches all the time. (If you believe you were the victim of a hack, you can view two of your free credit scores on Credit.com for signs of identity theft.)
The second line of defense, “something you have,” could be access to an email account, a key fob or your mobile phone. You need to have your phone in hand, for instance, to receive the verification code so you can get waved through some digital security checks. This is called two-factor authentication—and, yes, it’s more secure than simply protecting accounts with an alphanumerical password.
The last line of defense, “something you are,” is a really hot topic right now. As I mentioned earlier, in sophisticated systems, this might include a scan of your retina, your finger- or handprints, your body weight (including ups and downs), your height, your face or all of the above. This information is clearly specific to you—and not so easily replicated—so again, it’s miles more secure that the old standard password or even two-factor authentication.
Needless to say, were you to implement a security protocol that combined all three of the above protocols of authentication, a) criminals would have a really hard time making any money, but b) we would all be frustrated.
Does it have a place in the home?
Biometric authenticators have been the security mode for quite some time in the military and wherever large amounts of money or gold or drugs or weapons are stored, as seen in countless spy and heist movies, but they are slowly making their way into people’s homes.
From smartphones to gun lockers to personal computers, a steady march of devices is offering a biometric element for the user-authentication process. One example comes by way of a new secure credit card being tested by MasterCard in a chain of supermarkets in South Africa. The card is able to store an encrypted copy of the user’s fingerprint, which would make it exceedingly difficult for a scammer to beat.
(Would it be impossible to beat? As with all great capers, only the crooks know for sure. There was a flurry of coverage not too long ago about how photos of people flashing a peace sign could lead to the theft of their fingerprints, thanks to the proliferation of high-definition cameras. But fact-checking website Snopes listed the story as “Unproven,” and for good reason. While it is theoretically possible, no criminals have been caught doing it.)
Should I buy a fingerprint scanner?
Here’s the rub: You won’t really need to.
Unless you were born a long time ago, you may not know what an 8-track is. It came before the cassette tape, which preceded the CD, which is the grandfather of the MP3. When you want to make a point about obsolescence, there are few better examples than those clunky old tapes. I bring them up because current standalone biometric scanners are without a doubt the 8-track of digital security devices.
If you accept the similarity between biometric scanning devices and MP3 players, the answer to the question above will be crystal clear. These days, MP3s can be played by all the devices we use most. We’re seeing the same thing happen with biometric scanning.
Whether it’s a smartphone, a computer or MasterCard’s new fingerprint-encrypted cards, all stripes of products you use on a daily basis eventually will feature built-in biometric scanners. And, if you are buying something today and prefer devices with built-in (rather than bolt-on) security, don’t despair. There already are plenty of choices out there. Case in point: Anyone with the latest generation of a particular smartphone likely has the option of locking and unlocking the device with their thumb.
Personally, unless and until all devices that should be secure feature biometric scanners, I would suggest opting for those that do—much in the same way I’d advise you to refrain from using “1234” as your password. You can learn more about biometric technology, how it works (and whether it can be hacked) here.
Full disclosure: CyberScout sponsors ThirdCertainty. This story originated as an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its partners.