One of the most popular biometric scanning methods is fingerprint recognition. Fingerprint readers have started to be included in keyboards, peripherals and even cell phones. Furthermore, fingerprint data was recently deemed the most appropriate to be included in biometric passports. So, naturally, one has to wonder whether fingerprint recognition is indeed as safe as some people claim and whether it can really protect us.
Biometric recognition is nothing new. We have been using it in our everyday lives for ages! We recognize other people by their facial characteristics, or by their voice over the phone. This, of course, assumes that we already know the person. The problems start to arise when we expect machines to do things that humans were designed to do.
The general biometric recognition process consists of three steps. First, we need to record data from the biometric object (in this case, a human finger). After that, the collected data is processed in order to convert the object's unique characteristics into mathematical data called templates. Templates are usually much smaller than the original data, and it is not possible to reproduce the original data from a template. Finally, the templates are stored in a database. Each time a user's fingerprint is scanned, the system creates a new template and compares it to the template stored in the database. If they match, the user is granted access.
However, fingerprint recognition systems do make mistakes. In fact, they make two types of mistakes: false negatives and false positives. The more dangerous of the two is the false positive, which means that a fingerprint is mistakenly matched with one in the database and an unauthorized person gains access. Generally, the success of a biometric system is measured by its FAR (False Acceptance Rate) and FRR (False Rejection Rate). Usually, the lower the FAR is, the higher the FRR is, and vice versa.
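The FAR/FRR trade-off described above can be made concrete with a small calculation. The following is an added example, not part of the original article: it assumes the matcher outputs a similarity score that is compared against a threshold, and the scores and thresholds are constructed for illustration.

```python
# Constructed similarity scores in [0, 1]; higher means "more alike".
# GENUINE: a finger compared against its own enrolled template.
# IMPOSTOR: a finger compared against someone else's template.
GENUINE = [0.91, 0.88, 0.95, 0.72, 0.83, 0.64, 0.97, 0.79, 0.86, 0.58]
IMPOSTOR = [0.12, 0.31, 0.27, 0.45, 0.08, 0.52, 0.36, 0.19, 0.61, 0.22]
THRESHOLDS = [0.3, 0.4, 0.5, 0.6, 0.7, 0.8]  # assumed operating points


def far(threshold, impostor=IMPOSTOR):
    """False Acceptance Rate: share of impostor attempts that are accepted."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE):
    """False Rejection Rate: share of genuine attempts that are rejected."""
    return sum(s < threshold for s in genuine) / len(genuine)


def sweep(thresholds):
    """Return (threshold, FAR, FRR) for every candidate threshold."""
    return [(t, far(t), frr(t)) for t in thresholds]


def equal_error_threshold(thresholds):
    """Threshold where FAR and FRR are closest (the equal error point)."""
    return min(thresholds, key=lambda t: abs(far(t) - frr(t)))


def lowest_threshold_for_far(max_far, thresholds):
    """Lowest threshold with FAR <= max_far, i.e. the target FAR at the
    smallest cost in rejected genuine users. None if no threshold qualifies."""
    for t in sorted(thresholds):
        if far(t) <= max_far:
            return t
    return None


if __name__ == "__main__":
    print("threshold   FAR   FRR")
    for t, a, r in sweep(THRESHOLDS):
        print(f"{t:9.1f}  {a:4.1f}  {r:4.1f}")
    eer = equal_error_threshold(THRESHOLDS)
    print("equal error point at threshold", eer)
    strict = lowest_threshold_for_far(0.0, THRESHOLDS)
    print("zero-FAR threshold", strict, "costs FRR", frr(strict))
```

Raising the threshold drives the FAR toward zero while the FRR climbs, so a deployment has to pick the operating point that matches how costly a false acceptance is compared with a false rejection.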
So what are the advantages and disadvantages of biometric scanning? Well, first of all, should someone be able to somehow reproduce your fingerprint, it is quite difficult for you to change it. That is, unless you're planning to change your finger. This is quite unlike passwords or physical keys, where theft or eavesdropping is only effective until you find out that someone else knows your password or has stolen your keys. At that point you can quickly change passwords or locks, and the thief will no longer have access to whatever it is you're protecting. However, there is an advantage to this approach: it is really difficult for someone to steal your fingerprint. Not only that, but even after they have it, they'll need to make a 3D model of your finger in order to fool the biometric sensor. And biometric sensors do use optical sensors, heat sensors, ultrasound and other techniques to make sure that what's being scanned is an actual human finger (preferably still attached to the hand) and not an artificial finger. Compare that with how easy it is for a skilled malicious user to get (or bypass) your password, or for a traditional thief to steal your keys.
What could be the future of biometric scanning, you might ask. Well, it looks good, depending on where it is deployed. Biometric scanning is good for closed, controlled environments where you can have reasonable trust in the conditions under which the scanning is taking place. It would be quite hard, for example, for someone to walk around with a chopped-off finger at an airport and remain unnoticed. If, however, safety is of extreme importance, it might be better to combine biometric scanning with more traditional authentication techniques, such as physical keys or passwords.