Biometrics and biometric data: What is it and is it secure?

May 6, 2022

Biometrics are at the cutting edge of security for devices ranging from laptops and tablets to smartphones. Biometrics are unique physical characteristics that identify you. Biometric data can include your fingerprints, face, voice, or eyes.

A biometrics definition helps explain how biometrics work when it comes to logging on securely to your laptop or smartphone. You might need to press your finger to the back of your smartphone. When your phone recognizes your fingerprint, it will let you log on. Or maybe you scan your face with your iPhone before you are allowed to use the device.

Security experts consider biometrics as an improvement over passwords when logging onto devices. After all, hackers can crack passwords. Faking your fingerprints or facial characteristics is more difficult.

But is there any risk as more providers and companies rely on biometric data to identify people? Can thieves access your biometric data and use it to then steal your identity?

There's always a risk. But there are also steps you can take to keep your biometric data  safe.

What are biometrics? What is biometric data used for?

Biometrics are a way for companies, government agencies, your smartphone provider, and other service providers to analyze a person’s physical characteristics to verify their identities.

This can include physical traits, such as fingerprints and eyes, or behavioral patterns, such as the unique way you typically complete a security-authentication puzzle. To be useful, biometric data must be unique, permanent, and collectible. Once measured, the information is compared and matched in a database.

Some examples of how biometrics work? Every time you unlock a smartphone screen with a facial recognition, ask Siri for a weather update, or log in to your online bank account by scanning your fingerprint, you're using biometrics.

Banks are beginning to use biometrics, too. Instead of providing information such as your mother's maiden name or your Social Security number when you call your bank's customer-service number, your bank might instead simply recognize your voice.

You might use the technology every day to authenticate your identity or communicate with a personal device, but there are plenty of other uses for biometrics. Police can collect DNA and fingerprints at crime scenes or may use video surveillance to analyze the way a suspect walks or talks. In medicine, wellness exams might include retinal scans or genetic tests. And when you use a credit card at a cash register, you'll probably supply a signature, which can be analyzed if the issuer suspects forgery.

Types of biometric data?

Biometric data types vary. Here are six.

• Face recognition. This measures the unique patterns of a person’s face by comparing and analyzing facial contours. It’s used in security and law enforcement but also to authenticate identity and unlock devices like smartphones and laptops.
• Iris recognition. This identifies the unique patterns of a person’s iris, which is the colorful area of the eye surrounding the pupil. Although widely used in security applications — some buildings might require it for entry — it isn’t  typically used in the consumer market. 
• Fingerprint scanner. Such a scanner captures the unique pattern of ridges and valleys on a finger. Many smartphones and some laptops use this technology as a type of password to unlock a screen. This biometric information might replace the use of a password or numeric code. 
• Voice recognition. This technology measures the unique sound waves in your voice as you speak to a device. Your bank may use voice recognition to verify your identity when you are calling about your account. 
• Hand geometry. This technique measures and records the length, thickness, width, and surface area of a person’s hand. These devices date back to the 1980s and were typically used in security applications. 
• Behavior characteristics. This arm of biometrics analyzes the way you interact  with a computerized system. Government agencies, companies and others can analyze your keystrokes, handwriting, the way you walk, how you use a mouse, and other movements to assess who you are or how familiar you are with the information you’re entering. A bank, for instance, might analyze  how you type in the amount of money you want to withdraw. A website might  analyze the way you answer a word puzzle before deciding whether to let you log in.

How do biometrics work?

If you’ve ever used your fingerprint to log into your smartphone, you have an idea of  how biometrics work. First, you record your biometric information, in this case a fingerprint. That information is then stored, to be accessed later for comparison with “live” information, in this case your fingerprint every time you log in. Others can place their fingers on your device’s touch circle, but thanks to biometrics it’s highly unlikely that their touches will open your phone.

Fingerprints, though, are just one form of biometrics. One of the emerging forms of  biometric technology is eye scanning. Typically, in this process a device scans a person’s iris. That person then looks into a sensor — maybe on a smartphone or laptop or next to the entrance to a building. If the sensor recognizes the iris, the phone logs on or  the door opens.

Handwriting, voiceprints, and the geometry of your veins are other biometrics that are uniquely yours and useful for security applications.

A biometric system consists of three different components: 

• Sensor. This is what records your information, as well as reads it when your biometric information needs to be recognized. 
• Computer. Whether you’re using your biometric information to access a computer or something else, there must be a computer storing the information  for comparison.
• Software. The software is whatever connects the computer hardware to the sensor.

Biometric data is common on smartphones like Apple’s iPhone and some Android  devices. Laptops and other computing devices are also increasingly relying on  biometric systems. Biometric authentication and biometric identification are an exceptionally secure way to log in to your devices and various services. Plus, you  won’t have to remember dozens of account passwords.

While biometric systems provide convenience to commercial users, U.S. law enforcement agencies like the FBI and Department of Homeland Security also use this technology. The original biometric was the ink-fingerprint process still used by law enforcement today. The rise of biometric identification has helped law enforcement agencies in major ways, but like any technology, this personal information can be misused by cybercriminals, identity theft scammers and others in the case of a data breach.

Are biometrics safe?

While biometrics are more secure than passwords, this security measure does come  with privacy concerns. These include:

• Hackers could eventually access any collection of data, including biometrics. And high-profile biometric data might be an especially attractive target for hackers. Fortunately, high-profile data tends to be secured on a stronger  level. However, as biometrics become more common, your biometric information will likely be available in more places that might not rely on the  same level of secure storage. 
• Biometrics might become so commonplace that people become complacent. They might not use the kind of common-sense security measures that they use today because they think that biometrics will solve all their security problems. 
• The data stored in a biometric database might be more vulnerable than any other kind of data. You can change passwords. You can’t change your fingerprint or iris scan. This means that once your biometric data have been compromised, it may no longer be in your control. 
• Some pieces of your physical identity can be duplicated. For example, a criminal can take a high-resolution photo of your ear from afar or copy your fingerprints from a glass you leave at a cafe. They could use this information to  hack into your devices or accounts.
• Laws governing biometrics are a work in progress, meaning your rights might be different from state to state. However, federal lawmakers might eventually create a cohesive law to address biometric privacy.

Biometrics data breaches

Worried about someone accessing your biometric data in a breach? That's not an unwarranted fear.

Cybercriminals in 2019 accessed a biometric database, exposing 28 million records, including the fingerprints of more than 1 million people. Other information exposed included fingerprint data, the facial photos of users and usernames and passwords.

Hackers last year, exposed the biometric data, credit card information, driver's license numbers, health insurance information, and other data of customers of Dotty's, an operator of slot machines in 200 locations across the United States.

Samsung in 2022 confirmed that it suffered a security breach in which hackers stole and exposed 200 gigabytes of confidential data. TechCrunch reported that the leak included algorithms for biometric unlock operations for its devices. 

How to protect your biometric data

There are fairly easy security measures you can take to help protect your biometric data: 

• Strong passwords make it harder for hackers to steal your data by simply cracking your password. Keeping your biometric information in only a few, limited places gives  hackers fewer places to breach your data. 
• One of the best ways to help secure your devices is to keep your software current. When your device manufacturer notifies you of an available software update or patch, install it immediately. Manufacturers often release these updates to combat new threats. Don’t leave your devices vulnerable. 
• If you're worried about the security of your biometric data, you can often opt  out of providing it. Consider a smartphone that doesn’t require fingerprint  authentication or choose not to use facial recognition software. You can also disable facial recognition in your Facebook settings.

Frequently asked questions

Biometrics can be a confusing topic. Here are some of the most frequently asked  questions about this technology.

What are biometrics?

Biometrics are unique physical or behavioral characteristics that identify you.

What are different types of biometric data?

Your fingerprint, iris, voice, face and even the way you walk and talk are all different forms of biometric data.

How is my biometric data used for security?

You might press your finger against a sensor in the back of your phone before you can  unlock your device. Your phone or laptop might scan your face before it will let you log on. Basically, biometrics are a replacement for standard passwords.

What is the benefit of biometric data?

It's more secure. Clever hackers might guess or crack your password and then use it to log onto your bank accounts or open your smartphone. It's more difficult for hackers to log into your online accounts or open your devices if they are protected by voice, facial, or fingerprint recognition.

Are there any security concerns with biometrics?

Yes. Thieves, for instance, might be able to take a high-resolution photo of your face or copy your fingerprints after you leave a glass at a restaurant. They can then use this information to access your accounts that are protected by this type of biometric data. Past data breaches have exposed the biometric information of customers.