This article focuses on the theft of a complete fingerprint image. Stay tuned for a follow-up article on why you also don’t need to worry to much if your biometric template is stolen from an authentication system. by
With the rise of biometrics in use across our business and personal lives, it can be easy to fear having your fingerprints stolen. If your fingerprints are stolen someone could easily begin to access all of the different apps and devices that you’ve locked down with them.
Not so fast.
Having your fingerprints stolen doesn’t immediately mean you’re a victim of identity theft. It’s not that simple.
Biometrics & Device Security
Whether you’re using your fingerprint to unlock your phone or secure access to your company laptop, you might worry that if it’s stolen those devices are compromised.
However, a bad actor simply having your fingerprint isn’t enough for them to access your iPhone.
They need to figure out which finger you use to unlock it. Then make an expensive mold or copy of that print and hope they have a high enough quality print to work with your phone.
Of course, that all relies on them actually having your phone too.
Biometrics & Account Security
Of course, you might also think that a hacker with access to your fingerprints could access your accounts remotely, but this is even hard to pull off. When you enroll your biometrics, the static image isn’t stored for comparison.
Instead, every biometric system uses a unique algorithm to extrapolate data from your enrolled fingerprint, converting it into a biometric template. This template is then encrypted and stored.
Only the same biometric system is capable of generating a second template that matches this.
Simply having possession of your actual fingerprint doesn’t give a thief the complete dataset needed to compromise the system.
What About Liveness?
In addition to the built-in security devices and accounts that use biometric authentication already have, many also deploy liveness techniques to further minimize the threat of stolen biometrics.
Presentation attacks, or spoofing, are one of the most common ways of attacking biometric security. Liveness measures require some sort of active interaction from the user or passive tests that are significantly more difficult for bad actors to overcome with a mold or copy of a fingerprint. It’s critical for any system to use Liveness measure, particularly for sensitive data or enterprise security.
Stolen Fingerprints, Stolen Identity?
While it may be an inconvenience, with all of the security measures mentioned above, having your fingerprint data stolen, or any other biometric, doesn’t mean your identity has been compromised.
Many uninformed argue that biometrics are weaker than passwords because if the latter is compromised you can just change it. But with biometrics, even if someone does get a copy of it, the difficulty of actually using it to launch an attack is high.
And, with the right encryption model, like Veridium’s distributed data model, acquiring and using stolen biometrics is even harder to accomplish.