Users may be concerned that the use of biometric authentication will increase the danger that they will find themselves targeted by ruthless criminals who are intent on gaining entry to the assets protected by the biometric. With non-biometric authentication, cards, keys, and passwords could be stolen and used by criminals without the presence of ...

If details of countermeasures employed in biometric systems are publicised, it may help attackers to avoid or defeat them. Similarly, if attackers know what countermeasures are not employed, this will help them identify potential weaknesses in the system, and direct attacks towards those weak areas. The counter-argument is that public exposure of countermeasures and ...

Biometric systems may be initially adequately secure, but become less so with passing time. This could be because critical security parameters such as threshold settings become maladjusted, or sloppy enrolment procedures lead to poor enrolment quality. Some biometric systems are self-adaptive which means that the templates are updated each time a user accesses the ...

This is related to the covert use of biometrics (see “Can my biometric be collected covertly?” previously), and to functional creep in applications. It is important to realise that authentication does not necessarily imply consent, and it is consent which is the issue of concern here. Any application could be affected though the ...

There is sometimes a misapprehension that biometrics can provide absolute identification (e.g. of terrorists, criminals etc) as though the implementation of biometric systems will somehow solve the problem of a major terrorist attack. Of course biometric systems can, at best, only identify/verify individuals who have been previously enrolled. Applications can use this functionality in ...

Mimicry is to behavioural biometrics what artefacts are to physiological biometrics. Through mimicry, an impostor attempts to “copy” the relevant biometric features of an enrolled user in order to fool the biometric authentication process. Because behavioural biometrics are applicable to the recognition of acquired, rather than inherited features, the features can also be acquired ...

Users may be concerned that their biometric features could be captured without their consent or even knowledge and that they might thereby unintentionally unlock a door, or authorise a payment. If true, this could have serious financial or safety consequences, however it is rather unlikely because, in any real application, the issue would be ...

It is true that the basic biometric features cannot be changed, though in some cases, alternatives may be available (e.g. different fingers). However the simplicity of the headline argument conceals some more complex and subtle issues. We need to understand what can be compromised, examine a number of scenarios where compromise might occur and ...

People are rather alike, and lack the true randomness that passwords can have. Lack of randomness means that it is harder to separate individuals by their characteristics and is easier to confuse them. Biometric Security Concerns produced for the UK Biometric Working Group. Last updated September 2003 12 This is a concern that is hard to ...

The performance of biometric systems is dependent on the quality of the enrolled biometric. Enrolment quality can be affected by accidental or deliberate events and environmental conditions, and the result of low enrolment quality is almost inevitably poor system performance. If the performance is poor the security will be compromised, and there may be ...