Your digital identity and protecting it has become a top concern for many people in the past few years, especially as more contactless payment systems appear in phones and stores. It has become so important that entire companies have created encrypted systems to help protect your biometric data. But just how secure is using your fingerprint to pay for your coffee? Some experts say it’s the most secure way to protect your online data, but others warn you could be opening yourself up to a massive security breach if you aren’t careful. “In most cases, biometrics—fingerprints, face, iris, voice, heartbeat, etc.—are safer than passwords, as they’re a lot more challenging to crack than alphanumeric codes. However, they are not infallible,” Daniel Markuson, a privacy expert at NordVPN, told Lifewire in an email. “This is not to say that people should stop using biometric authentication altogether. However, as it gains popularity, the ramifications of biological data theft get more alarming.”
Security or Convenience
For privacy experts like Markuson, biometrics should be seen as a convenience and paired with other security measures—like multi-factor authentication. The main reasoning for this? If your biometric data is somehow spoofed, it’s impossible to simply go in and change your fingerprint or your facial profile. “If a password gets compromised, the user can simply change it. Biometrics, on the other hand, are inherent biological data that can’t be changed. And if hackers can crack biometric passwords from publicly available photos using commercially available tech, the implications of this are scary,” Markuson explained. With the cost of cybercrime expected to grow to over $10.5 trillion annually by 2025, protecting your online data never has been more critical than it is right now. That’s why biometric security has become a preferred method for protecting your accounts. On top of that, many companies and websites also push users to activate two-factor authentication, as it acts as one of the primary obstacles for hackers and cybercriminals trying to figure out your passwords. While the concerns over biometric data being spoofed are real and worth keeping in mind when using facial ID or fingerprints to log into accounts, users can protect themselves by not entrusting this data to companies they don’t know and trust. If you’re worried about your biometric data being stolen, you always can treat biometrics like a convenience.
Finding Balance
Other experts see biometric data in a much different light, especially when talking about security for consumers working at companies that rely on security to protect sensitive data. Much of these principles also can be translated to the consumer end of biometric security, like the facial recognition system in Apple’s iPhone. “Using biometrics paired with ID proofing to replace traditional usernames and passwords protects a company from cyber threats,” Mike Engle, an expert in biometric security and the chief strategy officer of 1Kosmos, told Lifewire in an email. Engle also noted that every 39 seconds, a company falls victim to a cyber attack. The leading cause of this alarming number is usually poor password management, something that Engle says can be solved using biometric security. He also says it is essential to store biometric data in a decentralized location, which will make it harder for hackers or cybercriminals to get their hands on it, especially if it’s encrypted. With so much of your online data being used to create your digital identity, weighing the risks with the security benefits is important when determining whether or not you want to trust companies with your biometric data. If you’re wary of letting those companies or apps capture your facial or fingerprint data, then it’s probably best to avoid using biometrics, and instead rely on a strong password and multi-factor authentication.