Biometric Authentication Improves Security

As computing becomes more portable and ubiquitous, the risk at which various aspects of our identities are placed is increasing. It was already great before, but whereas in the past a lost or stolen wallet might mean missing cash and canceled credit cards, a missing smartphone or laptop might lead to compromised access to banking or other confidential data in the hands of nefarious individuals.

Yet many of our prized gadgets are completely unprotected. Smartphones can be unlocked with the press of a button, many laptops can be accessed sans password, and once in, an attacker likely has access to stored credentials at any number of locations.

The key to combating this is the process of authentication. Simply put, authentication is your proof to some other entity that you are whom you claim to be. Just how this is done has taken many forms over the years, and continues to evolve as technology improves.

Perhaps the most common form of authentication is the username and password combination. This method is fairly easily understood, implemented and used, and is the most common means of authenticating one's self to any number of devices and services.

Of course, passwords have their flaws. They can be easily forgotten or lost track of, which is why many browsers and applications offer facilities for storing them with a single master password. If that master password is forgotten then access to all other passwords is lost. Then again, should that password be compromised then all others have been as well.

More evolved methods of authentication involve tying passwords or other authentication data to physical devices. Smartcards are one such method, requiring that the user have a physical object instead of or in addition to a password. This helps improve password schemes some, but a skilled attacker can easily forge a card or other access device.

Another method gaining popularity rapidly is biometric authentication. In essence, this uses some trait of the authenticated individual's biology to replace or supplement other authentication methods. For instance, a fingerprint may be needed to access certain files, or retinal scans may also be employed in some circumstances.

In some ways, biometric authentication is more secure than are physical devices. Forging biometrics generally involves a greater amount of access to the victim's person or physical surroundings than is necessary to compromise other methods. Passwords can and have been broken without ever having met someone. Doing so for biometric authentication schemes is vastly more difficult. Furthermore, compromising a biometric authentication scheme not only requires physical access to someone's person, but access to the device doing the authentication as well. While this is certainly true for other physical authentication schemes, the extra layers required of biometric methods make attacks more difficult.

Even the most obfuscated authentication methods aren't completely secure, and biometrics have their flaws. Fingerprint scanners can be fooled, and consumer-grade biometric technology is still fairly young. The key to secure authentication is two-fold. First, be sensible in the choices you make, conscious of those which put you at greater risk. Next, use a variety of methods such that no single uncaught mistake can compromise the entire authentication system. In that spirit, biometric authentication isn't an ends in and of itself, but one of many means to help ensure greater security and privacy.