Placeholder div for background image
Today our lives are stored on our phones, which may leave you asking: is technology like Face and Touch ID secure? At first blush it seems safe to assume that a phone or tablet that only unlocks when it identifies your face or your fingerprint is safe from information theft. With frequent news stories about hackers and people getting their identities stolen it seems reasonable to carefully examine every place your information is stored, including your electronic devices.
Fingerprint and facial recognition are both biometric authentication methods. This means they use visual information that’s unique enough to you that it can be used like a password. Your fingerprint and your face are unique enough from anyone else’s that companies like Apple claims they are secure ways of ensuring you are who you say you are when you unlock your devices. Every technology is fallible though, and that holds true with biometrics as well.
How do biometrics works? Biometric technology takes a unique image such as a fingerprint or your face and identifies distinguishing pieces of the image’s pattern. These pieces of the image are translated and stored as binary code on the device. When you ask to unlock your phone, the biometric scanner reads either your face or fingerprint, translates it, and checks to make sure it matches the binary code it previously stored as “you.”
So here’s the science behind it. In order to consistently authenticate a user based on their face or fingerprint, the biometric scanner has to register a lot of data points so it can recognize you even when you’re looking at your phone from a different angle or touching the home button at an angle. Think of it like your device creates a long, complicated password that’s made out of code by storing the visual data of your face or fingertip. For someone to hack their way past this identification method they would need to mimic your face or fingertip pattern so closely that the scanner couldn’t identify a difference or they’d have to bypass the actual code that tells your device to unlock only when it identifies your biometric pattern.
Seems tough to replicate but how secure do they actually make your device?
How secure is this technology? Fingerprint biometric is secure for day to day use. There are stories and examples of people hacking these technologies, though. In these stories, the hackers are trying to prove that they can break through these authentication methods so they go to extreme measures. For example, when the iPhone X was released, hackers used silicone, make-up, and paper cut-outs to recreate a user’s face and trick the Face ID feature into unlocking. Is this concerning? Yes. Is it likely that someone is going to want to unlock your phone so badly that they’ll spend hours with expensive equipment and materials to recreate your exact face? Probably not. It’s also unlikely that anyone has an exact mold of your fingerprint to use in tricking your phone to unlock.
These examples of hacking do prove that biometric technology isn’t 100% secure. Passwords aren’t 100% secure either, though. There are plenty of examples of hackers getting past password protection or finding ways to steal password data.
Using biometrics for secure payments. Many phone features require a secondary ID in order to complete a certain action. For example, most banking and financial apps give you the option to log into them using biometrics. If you use a digital wallet like Apple Pay for online purchases or if you make a purchase from the App Store, you are asked to use Touch or Face ID to authorize the purchase as though it were an electronic signature. You can store your credit card information in your phone to allow for instant payments when you touch your phone to a card reader in the store. This means that once your phone is unlocked, there is a lot of access to very sensitive information.
You can turn off Touch and Face ID as your methods of unlocking your device or authorizing payments. This will change the authentication method back to using your passcode to do these actions. Remember, though, that passwords and passcodes can be guessed much more easily than the pattern of your face or finger.
If neither biometrics nor passwords are completely secure, how do you stay safe in this quickly-changing world of technology?
How to protect yourself from information theft and scams. The smartest way to answer whether or not biometric is secure is that it’s as secure as a password. A biometric method of authentication is arguably more secure than a password you type in, but if you think of it the same way it’ll help you follow best practices to keep yourself secure.
Just like there are scams engineered to look like normal emails, there are scams like fake apps that subtly ask you to authorize paying for them with your fingerprint or face.
The best way to ensure your information is secure is to be vigilant about where your information is stored and to keep watch for suspicious activity. Here are some security best practices:
- Treat your phone like a credit card. If your phone gets misplaced or stolen, report it to your bank and credit card companies. Also, you can remotely change the settings on many photos so biometrics are disabled on your lost device.
- Check your credit report and accounts regularly. If you notice irregularities on your statements or your credit score takes an unexpected hit, you’ll know to take a closer look at who has access to your accounts.
- Lock your phone. Seems super simple but it’s an easy thing to forget. You can change the settings so that your phone automatically locks after a certain time period of disuse.
- Update your phone regularly. As security risks are exposed, Apple and other operating systems release new software to patch these issues. Updating your phone will ensure it’s as secure as possible at all times.
Taking the time now to understand this technology is a smart first step to be sure you stay safe.
Contents of this blog article are intended to provide you with a general understanding of the subject matter. However, it is not intended to provide legal, accounting, or other professional advice and should not be relied on as such. Information may have changed since the publication date.