The use of “What You Are” Authentication is intriguing both for it’s innovative technology and the ‘ease of use’ premise. There are several challenges which may be wise to consider. Let’s begin with ‘quickly improving but still has a way to go‘.
The ability of an algorithm to pattern-match a set of visual points on a surface is – like early voice recognition – predicated on training the detection process. Supply enough variations of your look and your phone or tablet should successfully recognize you. The trick is to demand ‘in motion’ or else a photograph will work as well as your person. Then there is the issue of can a GIF or video fool the sensor? And if the requirement is to blink only your left or right eye – will you get a fresh chance in those circumstances where you closed the wrong lid or don’t really have the dexterity to wink on command? Be assured that in time the technology may get so get so good it can digitally remove your sun glasses and put your tongue back in your mouth. In the interim, you should mimic the old daguerreotype poses where standing stock-still was the only sure way to get the right exposure. Oops… almost forgot, make sure the lighting is right before attempting to prove your identity.
Even though Apple vicariously acknowledged major challenges with fingerprint authentication, for the purposes of discussion, let’s pretend it’s perfect. Can it be faked with a photo of your whorls and ridges? In the beginning, certainly. Now you will need an image much better than most fax copies to even attempt to defraud. That said, enough tests proved it was possible to forge a fingerprint Apple advanced to another bio metric action essentially abandoning their “digital” approach. But the real forensic showstopper was the court decisions that the owner of said impressions had zero expectation of privacy inasmuch as they left their telltale marks on everything they touched. So much for that secret.
The more technologically advanced iris scan actually is quite stunning. The people who see it as a powerful measure do overlook the cost. To obtain an authenticating mechanism is – on sale – still about $1,500.00 per into what you peer. To say the necessary equipment is also a little larger than a camera or fingertip sensor is an understatement. Still, it is a very tough ticket to acquire an eye as easily as even an entire hand.
But, reality is, there’s no need for such somewhat gruesome anatomical adventures. Each bio-metric ID is stored as a unique string of 1s and 0s. Plug those into the circuit and entrance is granted. How is that nefarious magic accomplished? Ask the NSA, CIA, Mossad, or whatever the KGB is calling itself these days. You may even be able to inquire of the more advanced “script kiddies” all over the world who hack for fun and profit. The key insight isn’t even can that you can be cracked – the problem with the “What You Are” a.k.a. Bio-Metric authentication technique is once the bad guys get your identity, you can no longer prove you are you… because they are you too.