Skip to content
Search

Latest Stories

Welcome! Log in to stay connected and make the most of your experience.

Input clean

Biometrics: Not a Panacea

Last fall brought news that the victims of the OPM fingerprint breach expanded to over five million prints. It’s for this reason that the safety of biometric data should be questioned and discounted as a viable means for authentication. Multiple techniques are available for using this type of information to create fake fingerprints to bypass biometric scanners, plant false fingerprints, or even falsify applications that need fingerprint data using traditional ink techniques. While vendors gather around biometrics as a holy grail for authentication, it is breaches like this that put the entire concept of biometrics-based security in jeopardy for the masses. Therefore, what is needed to solve this problem is a clear definition of when biometrics should be used for authorization, authentication, and to support two-factor authentication. While these may sound like similar terms, in reality, biometrics should only be used for authorization and never authentication alone.

Authorization, in the simplest terms, is the permission to perform a task. It is the ability to proceed without verifying who you are, or who you say you are. The most common form of biometric authorization used today is Apple Pay. When placing your finger on the touch identification sensor, you are authorizing payment. It is just a permission. Authentication, however, is the verification of you as a person, and who you say you are. It does not authorize you to perform any tasks; it just proves your identity. Authentication is primarily performed today by usernames and passwords, two-factor authentication, smart cards, and other techniques like one-time-passwords. They generally tie secret knowledge to a second physical media or to the creation of a unique code that only you have knowledge of.  The various components of an authentication system are designed to prove your identity, but they do not authorize you as a person to anything.

Keep reading...Show less
Access all of The Cipher Brief’s national security-focused expert insight by becoming a Cipher Brief Subscriber+ Member.

Related Articles

How Trump Can Be the Winning President in Ukraine

“To each there comes in their lifetime a special moment when they are figuratively tapped on the shoulder and offered the chance to do a very special [...] More

Report for Friday, July 11, 2025

8:40 America/New York Friday, July 11 [...] More

Dead Drop: July 11

IN THIS WEEK'S EDITION: (Yet) another Russian leader who falls out with Putin, has a really bad week; Reports emerge about Iran's low-budget [...] More

As Nukes Spread, Robust Missile Defenses Must Rise

OPINION — More countries aspire to be nuclear-weapons states, and we should prepare for this eventuality. That’s why the Golden Dome missile defense [...] More

Mission CIA: Mapping Beijing’s Path to War

Mission CIA: Mapping Beijing’s Path to War

Taiwan has launched its largest annual military exercise ever - amid growing concern that China is on the cusp of launching a military invasion. Many [...] More

Report for Thursday, July 10, 2025

8:40 America/New York Thursday, July 10 [...] More

Rekindling Memories of the Fuji Fire

Rekindling Memories of the Fuji Fire

In October1979, the most powerful cyclone in recorded history, raced across the Pacific and set in motion circumstances that caused a horrendous fire [...] More

Doing Battle in the Gray Zone

Doing Battle in the Gray Zone

Subscriber+Members are invited to join us on Wednesday, July 23 at 1:00p ET for an exclusive virtual conversation on gray zone operations led by [...] More

Report for Wednesday, July 9, 2025

9:12 America/New Wednesday, July 9 [...] More