Biometrics, they are in use all around us. Signing into our phone. Accessing our bank account. And, in some states, obtaining our drivers license. The use of biometric sign in is everywhere! But aren’t you worried that this identification method will be easy to hack and steal?
Many states are developing laws about the use of biometric privacy. States like Illinois adopting BIPA, the first law that is enforceable through private right of action. This law does not allow the storage of any biometric information. Texas and Washington, developed their own biometric privacy act stating the requirement of consent for all employees, students, patrons in order to use their biometrics as a sort of password protection. There are currently 7 states that have their own set of laws around biometrics and a handful with suggested legislation. Here is a list of such states. U.S. Biometric Laws & Pending Legislation Tracker | Bryan Cave Leighton Paisner (bclplaw.com).
Although these laws are meant to protect the patrons who will be using biometrics does it really have their best interests in mind? Think of the last time you had to use a password to sign into an account. Was it a completely original password or is it a password that you use for absolutely every single account that you own, with maybe a slight variation to comply with those annoying guidelines. How about the last time you forgot a password? What information did you give up to recover or change that password? Number and letter-based passwords are stored in software and databases that can obtained with a little bit of work. Most people, roughly two thirds of the population, according to a 2019 google study, use the same password across multiple online accounts. So once a hacker has one account, they have them all.
Biometrics are created through converting bodily measurements (like spaces between the ridges of your finger), to an algorithm that is forever changing, obtaining them is near to impossible. Biometrics are also constantly on you, not stored in a document or in a place where anyone can reach them. You can choose where and when they are put to use. No one, not even your boss, administrator or phone company can gain access without your consent.
What these laws state about needing consent and not storing information in a database is well intended. However, if the biometric company is ethical enough, these requirements would already be in place. IDconnect is such company that has established this basic. As an educational institution based biometric company, they know the importance of safety when it comes to our children. While believing in the importance of the use of biometrics over easy to hack passwords or pins, they already require that parent’s consent to their children using their finger reader in school. Also, without legal requirement needing to tell them, they don’t store any of the biometric data in a database or the cloud. It’s really just common sense to ensure protection of the children.
So should you trust biometrics to be a safe replacement for typed character passwords? Ultimately it is up to you, but as far as we can tell, they are the most secure way of password protection and identification. As time goes on, a higher standard of security will be required for anything and biometric identification has already met that standard. Knowing that, will you be using biometric identification?