Microsoft recently announced Windows Hello, a feature that will be found in some versions of Windows 10, which will allow users to login using biometrics. Windows Hello will only work with computers that have special hardware. Some laptops will have fingerprint scanners, while others will come equipped with Intel’s RealSense camera for face-based authentication.
Despite Microsoft’s claims that biometric authentication is more secure than a traditional password, there are serious concerns about how secure they really are. Back in 2006, the MythBusters were able to fool the best fingerprint scanners of the day by constructing convincing imitations of a finger out of ballistic gel and latex, based on a fingerprint they lifted. In a more recent example, a team of hackers were able to beat the iPhone’s fingerprint scanner using a method not too different from that used by the MythBusters. While in the past fingerprints had to be lifted from a surface the person came in contact with, now fingerprints can be recreated from photos. This makes it easier than ever to beat fingerprint-based authentication.
Face-based authentication may not be any safer. There have been facial recognition systems that have been fooled by high quality photos. It is possible that Intel’s new camera may be better able to differentiate between a real face and a photograph, compared to previous face scanning systems. However, until it has been tested by independent parties making a serious effort to circumvent the authentication, it shouldn’t be considered any more secure than previous facial recognition systems.
These security concerns are even more important due to the introduction of another new service by Microsoft known as Passport. It allows users to authenticate to services and applications without having to type in a password. Windows Passport will authenticate a user with biometrics. Once a person is authenticated, Windows will vouch for their identity, allowing them to log into a number of digital services that use Passport.
While these features may give some convenience to the user, there is still the serious matter of security. Due to the weakness of previous forms of biometric authentication, it may be best to stick with passwords for authentication, until the technology proves itself to be secure.
Do you think that Biometrics are a secure form of authentication? Leave your comments below.