Apr 102014

In light of the latest Internet security scare, the Heartbleed bug, there are again many voices calling for an end to the use of passwords, to be replaced instead by fingerprint scanners or other kinds of biometric identification.

I think it is a horrifyingly, terribly bad idea.

Just to be clear, I am putting aside any concerns about the reliability of biometric identification. They are not as reliable as their advocates would like us to believe, but this is not really the issue. I am assuming that as of today, biometric technologies are absolutely, 100% reliable. Even so, they are still a terrible idea, and here is why.

First, what happens if your biometric identification becomes compromised? However it is acquired, it is still transmitted in the form of a series of bits and bytes, which can be intercepted by an attacker. If this were a password, you could easily change it to thwart an attack. But how do you change your fingerprint? Your retina print? Your voice? Your heartbeat?

Second, what happens if you “lose” your biometric identification marker? Fingers get chopped off in accidents. People lose their eyesight. An emergency tracheotomy may deprive you of your normal voice. What then?

And what about privacy concerns? There have been rulings I understand, in the US and perhaps elsewhere, that imply that the same legal or constitutional guarantees that protect you from being compelled to reveal a password may not apply when it comes to providing a fingerprint, a DNA sample, or other biometric markers.

The bottom line is this: a password associating an account or a service to a unique piece of secret knowledge. This knowledge can be changed, passed on, or revoked, and owners may be protected by law from being compelled to reveal it. Biometric identification fundamentally changes this relationship by associating the account or the service with an unmalleable biometric characteristic of a person.

Please don’t.

 Posted by at 10:27 am