Absent Serious Medical Intervention, a Fingerprint Is Forever
It's official: biometric technologies have emerged as the new front-runner in the race to become the security industry's next big thing.Its official: biometric technologies have emerged as the new front-runner in the race to become the security industrys next big thing. As manufacturing costs fall, a variety of affordable fingerprint scanners, retina/iris scanners and voice/face recognition systems are finding their way onto the market. Fueled by visions of impregnable fortresses, many are eager to leap on the bandwagon. Dont get me wrong; biometrics techniques are a valuable addition to the security practitioners toolbox and can create significant obstacles to a would-be attacker. They provide a way around the "breakable-password" dilemma by replacing the word with a relatively complex, unique identifier that the end user cannot forget or misplace.
Unfortunately, because historically they have been so expensive and exotic, biometric tools tend to elicit a dangerously excessive degree of trust. No matter what marketing claims vendors may make, biometric authentication systems are vulnerable to attack. As any student of spy stories can attest, there are several ways to forge a fingerprint, some surprisingly simple. For example, a number of low-end optical fingerprint scanners can be fooled with nothing more than a photocopy of the relevant finger. More sophisticated scanners can be much more difficult to trick, but keep in mind that the hacking community is just beginning to investigate techniques for breaking those tools.