{"id":20713,"date":"2022-12-05T10:31:04","date_gmt":"2022-12-05T18:31:04","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/12\/05\/news-14446\/"},"modified":"2022-12-05T10:31:04","modified_gmt":"2022-12-05T18:31:04","slug":"news-14446","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/12\/05\/news-14446\/","title":{"rendered":"Biometrics are even less accurate than we thought"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/11\/facial_recognition_identification_digital_security_id_biometric_mobile_phone_thinkstock_858527030_3x2-100740898-small.jpg\"\/><\/p>\n<p><strong>Credit to Author: eschuman@thecontentfirm.com | Date: Mon, 05 Dec 2022 09:43:00 -0800<\/strong><\/p>\n<p>Biometrics is supposed to be one of the underpinnings of a modern authentication system. But many biometric implementations (whether fingerprint scans or face recognition) can be wildly inaccurate, and the only universally positive thing to say about them is they&#8217;re better than nothing.<\/p>\n<p>Also \u2014 and this may prove critical \u2014 the fact that biometrics are falsely seen as being very accurate may be sufficient to dissuade some fraud attempts.<\/p>\n<p>There are a variety of practical reasons biometrics don&#8217;t work well in the real world, and a recent post by a cybersecurity specialist at KnowBe4, a security awareness training vendor, adds a new layer of complexity to the biometrics issue.<\/p>\n<p>Roger Grimes, a defense evangelist at KnowBe4, <a href=\"https:\/\/www.linkedin.com\/pulse\/problem-biometrics-roger-grimes\" rel=\"nofollow noopener\" target=\"_blank\">wrote on LinkedIn<\/a> about the <a href=\"https:\/\/www.nist.gov\" rel=\"noopener nofollow\" target=\"_blank\">National Institute of Standards and Technology<\/a> (NIST) evaluation ratings. 
As he explained: \u201cAny biometric vendor or algorithm creator can submit their algorithm for review. NIST received 733 submissions <a href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/ir\/2014\/NIST.IR.8034.pdf\" rel=\"nofollow noopener\" target=\"_blank\">for its fingerprint review<\/a> and more than 450 submissions for its <a href=\"https:\/\/www.nist.gov\/programs-projects\/face-recognition-vendor-test-frvt-%20ongoing\" rel=\"nofollow noopener\" target=\"_blank\">facial recognition reviews<\/a>. NIST accuracy goals depend on the review and scenario being tested, but NIST is looking for an accuracy goal around 1:100,000, meaning one error per 100,000 tests.<\/p>\n<p>&#8220;So far, none of the submitted candidates come anywhere close,\u201d Grimes wrote, summarizing the NIST findings. \u201cThe best solutions have an error rate of 1.9%, meaning almost two mistakes for every 100 tests. That is a far cry from 1:100,000 and certainly nowhere close to the figures touted by most vendors. I have been involved in many biometric deployments at scale and we see far higher rates of errors \u2014 false positives or false negatives \u2014 than even what NIST is seeing in their best-case scenario lab condition testing. I routinely see errors at 1:500 or lower.\u201d<\/p>\n<p>Let that sink in a moment.<\/p>\n<p>In independent testing, many biometrics simply do not deliver on their promise. On top of that, many vendors, including Apple (iOS) and Google (Android), make a marketing choice when they set how stringent or lenient the match has to be: every setting trades owners being falsely rejected against strangers being falsely accepted. They do not want a lot of people improperly locked out of their phones, so they lean lenient, which in effect gives a green light to device access by a higher number of unauthorized people.<\/p>\n<p>Remember those videos showing phones letting in the children or siblings of a phone user when using facial recognition? 
That\u2019s a big reason why.<\/p>\n<p>Another key factor is theoretical accuracy versus real-world accuracy. Consider two popular phone authentication methods: facial and fingerprint recognition. In theory, facial recognition is much more discerning because it can consider a larger number of data points. In practice, though, that often doesn\u2019t happen.<\/p>\n<p>Have you seen any children or siblings getting phone access via fingerprint? Facial recognition has to deal with lighting, cosmetics, hair changes and dozens of other factors. None of that is in play when using fingerprint recognition.<\/p>\n<p>There is also a distance issue. With facial recognition, a device needs to be a precise distance from the face to read it accurately \u2014 not too close, not too far. I personally use an iPhone with Face ID and I typically see failure 60% of the time. I then adjust the distance a bit and \u2014 if I\u2019m lucky \u2014 my phone will unlock. (Again, this is not an issue with fingerprints.)<\/p>\n<p>Side note: why do many banking apps deal with check scans (yes, some companies still use checks) in a more sophisticated way? The app will typically tell you to \u201cmove the phone closer\u201d or \u201cmove back\u201d before it photographs the check image. Why can\u2019t facial recognition do the same thing?<\/p>\n<p>Don&#8217;t forget, too, that from an authentication perspective, a lot of the biometric deployments are a joke. Why? Because when a biometric authentication fails, access defaults to a phone\u2019s PIN. That fallback is by design on both iOS and Android: the passcode is the credential the biometric is enrolled under, so the device lock can never be stronger than the passcode. (Apps can refuse the fallback for their own prompts, for example iOS\u2019s biometrics-only LocalAuthentication policy or Android\u2019s BiometricPrompt restricted to strong biometrics, but that does not change the lock screen.)<\/p>\n<p>In other words, if a thief wants to get around biometrics, all he or she has to do is fail once or twice and then deal with the easier-to-crack PIN. What\u2019s the point? It&#8217;s clear that the major phone vendors use biometrics less for authentication or cybersecurity than for convenience. 
It\u2019s a way to access a device without having to type out a PIN.<\/p>\n<p>As lax as that sounds, Grimes argues that the situation is likely worse. \u201cThe NIST tests are best-case scenarios. They are all hideously inaccurate. The security is overpromised in almost every situation,\u201d he said in an interview.<\/p>\n<p>Grimes also expressed concern about the unchanging nature of biometrics. If a password or PIN is compromised, it\u2019s easy to generate a new password or PIN. Even a physical token can be replaced. So what happens if biometrics are compromised? You can\u2019t easily change your face, retina, voice or fingerprint. That is why the template, the stored representation of those traits, belongs in dedicated hardware such as a secure enclave and should be matched on the device rather than sent to a server: a leaked template is a permanent loss.<\/p>\n<p>\u201cOnce stolen, how do you get them back?\u201d Grimes said, adding that reverse-engineering biometric data is quite possible.<\/p>\n<p>The bottom-line problem here is perception and characterization. These biometric efforts, as currently implemented, are little more than convenience. (Don\u2019t get me wrong; as a naturally lazy person, I am madly in love with convenience.) But they&#8217;re offered as being tailored for cybersecurity. And as a result, users and technologists will rely on biometrics as a protective measure.<\/p>\n<p>There are plenty of ways of deploying biometrics securely. Retina scans are usually secure and fingerprints work well for people who have properly scannable fingerprints. But voice biometrics, currently used by a variety of financial institutions, remain too easy to fake.<\/p>\n<p>This brings us back to settings decisions. If the settings are sufficiently strict, even facial recognition can become a security mechanism. In short, biometrics is a fine convenience. 
As a security defense, most of today\u2019s implementations don&#8217;t cut it.<\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3682149\/biometrics-are-even-less-accurate-than-we-thought.html#tk.rss_security\" target=\"bwo\">http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2017\/11\/facial_recognition_identification_digital_security_id_biometric_mobile_phone_thinkstock_858527030_3x2-100740898-small.jpg\"\/><\/p>\n<p><strong>Credit to Author: eschuman@thecontentfirm.com | Date: Mon, 05 Dec 2022 09:43:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>Biometrics is supposed to be one of the underpinnings of a modern authentication system. But many biometric implementations (whether fingerprint scans or face recognition) can be wildly inaccurate, and the only universally positive thing to say about them is they&#8217;re better than nothing.<\/p>\n<p>Also \u2014 and this may prove critical \u2014 the fact that biometrics are falsely seen as being very accurate may be sufficient to dissuade some fraud attempts.<\/p>\n<p>There are a variety of practical reasons biometrics don&#8217;t work well in the real world, and a recent post by a cybersecurity specialist at KnowBe4, a security awareness training vendor, adds a new layer of complexity to the biometrics issue.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3682149\/biometrics-are-even-less-accurate-than-we-thought.html#jump\">To read this article in full, please click 
here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10462,10480,10554,714,24580],"class_list":["post-20713","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-android","tag-ios","tag-mobile","tag-security","tag-small-and-medium-business"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20713","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=20713"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20713\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=20713"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=20713"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=20713"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
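The article's two numbers, the 1:100,000 goal it attributes to NIST and the "stringent or lenient" setting vendors choose, are the same decision seen from two sides: a matcher emits a similarity score and someone picks the threshold. The following is an added editorial example, not code from the article, from KnowBe4 or from NIST; the genuine and impostor score distributions are constructed Gaussians (assumed, not measured from any product) chosen only to make the false-accept / false-reject trade-off visible. It computes the threshold needed to hit a false accept rate of one in 100,000, the lock-out rate that threshold costs, and, for comparison, the false accept rate a vendor inherits when it instead caps owner lock-outs at 2%.

```python
"""Why a single "accuracy" number hides a security decision.

Editor's added illustration (not the article's, KnowBe4's or NIST's code).
A biometric matcher emits a similarity score; the vendor picks a threshold.
Every threshold trades the false accept rate (FAR: impostors let in)
against the false reject rate (FRR: owners locked out). The score
distributions below are constructed Gaussians and measure no real product.
Requires Python 3.9+ for math.nextafter.
"""
import bisect
import math
import random


def make_scores(n_genuine=20_000, n_impostor=200_000, seed=7):
    """Constructed match scores: higher means 'looks more like the owner'."""
    rng = random.Random(seed)
    genuine = sorted(rng.gauss(0.75, 0.08) for _ in range(n_genuine))
    impostor = sorted(rng.gauss(0.30, 0.08) for _ in range(n_impostor))
    return genuine, impostor


def far(impostor_sorted, threshold):
    """Fraction of impostor attempts accepted (score >= threshold)."""
    first_accepted = bisect.bisect_left(impostor_sorted, threshold)
    return (len(impostor_sorted) - first_accepted) / len(impostor_sorted)


def frr(genuine_sorted, threshold):
    """Fraction of genuine attempts rejected (score < threshold)."""
    return bisect.bisect_left(genuine_sorted, threshold) / len(genuine_sorted)


def threshold_for_far(impostor_sorted, target_far):
    """Lowest threshold whose empirical FAR is <= target_far.

    Accepting at most k impostors means the threshold must sit just above
    the (k+1)-th highest impostor score. With fewer than 1/target_far
    impostor samples the only achievable FAR is 0 (nobody accepted): a lab
    test with too few impostors cannot even measure a 1:100,000 goal.
    """
    n = len(impostor_sorted)
    k = min(int(target_far * n), n - 1)
    return math.nextafter(impostor_sorted[n - k - 1], math.inf)


def threshold_for_frr(genuine_sorted, target_frr):
    """Highest threshold whose empirical FRR is <= target_frr.

    Rejecting at most k owners means the threshold equals the (k+1)-th
    lowest genuine score; exactly k scores fall below it.
    """
    n = len(genuine_sorted)
    k = min(int(target_frr * n), n - 1)
    return genuine_sorted[k]


def compare_policies(genuine, impostor, far_goal=1e-5, frr_budget=0.02):
    """Two ways to configure the same matcher.

    'strict'  : the 1-in-100,000 style goal the article attributes to NIST,
                plus the lock-out rate that goal costs.
    'lenient' : a vendor that caps owner lock-outs at frr_budget,
                plus the impostor acceptance rate that choice buys.
    """
    t_strict = threshold_for_far(impostor, far_goal)
    t_lenient = threshold_for_frr(genuine, frr_budget)
    return {
        "strict": {"threshold": t_strict,
                   "far": far(impostor, t_strict), "frr": frr(genuine, t_strict)},
        "lenient": {"threshold": t_lenient,
                    "far": far(impostor, t_lenient), "frr": frr(genuine, t_lenient)},
    }


if __name__ == "__main__":
    g, i = make_scores()
    for name, p in compare_policies(g, i).items():
        one_in = "never" if p["far"] == 0 else f"1 in {round(1 / p['far']):,}"
        print(f"{name:8s} threshold={p['threshold']:.3f}  "
              f"FAR={p['far']:.2e} ({one_in})  FRR={p['frr']:.1%}")
```

On these constructed distributions the lenient setting admits an impostor roughly once in a few thousand attempts, far from the 1:100,000 goal, while the strict setting locks the real owner out several percent of the time; a vendor quoting only the FRR it tuned for never has to say so. The same functions run on a real matcher's score logs, which is the check worth doing before trusting any vendor's accuracy figure.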