Reliable
user authentication is essential. The consequences of insecure
authentication in a banking or corporate environment can be
catastrophic, with loss of confidential information, money, and
compromised data integrity. Many applications in everyday life also
require user authentication, including physical access control to
offices or buildings, e-commerce, healthcare, immigration and border
control, etc.
Currently,
the prevailing techniques of user authentication are linked to
passwords, user IDs, identification cards and PINs (personal
identification numbers). These techniques suffer from several
limitations: Passwords and PINs can be guessed, stolen or illicitly
acquired by covert observation.
In
addition, there is no way to positively link the usage of the system or
service to the actual user. A password can be shared, and there is no
way for the system to know who the actual user is. A credit card
transaction can only validate the credit card number and the PIN, not if
the transaction is conducted by the rightful owner of the credit card.
This
is where biometrics systems provide a more accurate and reliable user
authentication method, as can be summarised in the table underneath:
Existing user authentication techniques include:
Something you know, e.g. password or PIN. The issue is that many password are easy to guess, and can also be easily forgotten.
Something you have, e.g. key or car. They can be lost, stolen or duplicated.
Something you know and have, e.g. card + PIN.
Something you are, e.g. fingerprint, hand, iris, retina, voice. You cannot lose them, are unique for each individual and are difficult to forge.
Why are biometrics secure?
Unique: The
various biometrics systems have been developed around unique
characteristics of individuals. The probability of 2 people sharing the
same biometric data is virtually nil.
Cannot be shared:
Because a biometric property is an intrinsic property of an individual,
it is extremely difficult to duplicate or share (you cannot give a copy
of your face or your hand to someone!)
Cannot be copied:
Biometric characteristics are nearly impossible to forge or spoof,
especially with new technologies ensuring that the biometric being
identified is from a live person.
Cannot be lost: A biometric property of an individual can be lost only in case of serious accident.
