Along with having a vocal conversation with a computer, few things scream “a past decade’s idea of sci-fi tech” more than biometric scanners. Those sci-fi dreams have already become mass-market reality, as millions have scanned their fingerprints into their phones to unlock them or to verify their identity. But where is biometric tech really going?
“Fingerprints were a thing that started in the criminal [law enforcement] world as a way to uniquely identify people,” says Warren Westrup, who has worked extensively with security as part of Verizon’s Internet of Things team. It seems simple, and for the most part, it is: it’s been known since antiquity that humans have unique patterns of ridges on fingertips, so what better way to identify people than with an attribute that’s specific to them, and which they can’t change?
Biometrics moved on from inkpads to optical scanners (which basically take a digital photo of a fingerprint) to the capacitive scanners used in modern smartphones (these use tiny little sensors that can measure the minute difference in the electrical charge of your finger’s ridges and valleys). Lately, with technology like Android Pay and Apple Pay, which allow you to tap your phone on a retail point-of-sale machine instead of swiping a credit card, the predictions have reached a fever pitch: are phones, and consequently fingerprint scanners, going to replace the decidedly 20th century tech of credit cards and 19th century tech of house keys?
Fingerprint Cards, a Swedish company, recently made news when its stock soared to incredible new heights. The renewed popularity of fingerprint sensors spurred what some analysts told Reuters was an unwarranted bit of market optimism. Fingerprint Cards predicted that fingerprint scanners would be everywhere: your gym, your home, your supermarket and your office.
Others aren’t so sure. For one thing, fingerprint sensors have gaping security risks. “I think there's some great opportunity for it down the road, but as with anything, there's no silver bullet to make it more secure,” says Westrup. He thinks, if fingerprint sensors will be used at all, that they’ll be paired with some other kind of authentication: a quick password, say. That’s because on both a macro and a micro level, fingerprint scans on their own are not completely secure.
The specific makeup of your fingerprint is stored somewhere in the cloud, either by an authentication service or by another entity like a store or even the government. And anywhere there are large caches of data, there are hackers, as was proven just last year when hackers stole a ridiculous 5.6 million fingerprint records from the Department of Defense.
On a more micro level, it’s extremely easy to fool a fingerprint scanner, especially the optical ones seen in older or cheaper models. Some methods involve everyday products like Silly Putty, Play-Doh, or even Gummi Bears. More advanced techniques could involve 3D printers or various electrical wiring setups to mimic a finger’s natural electrical charge patterns.
And the theft of a fingerprint, from a psychological perspective, feels much more like an invasion of privacy than the theft of a password. You can change your password, but you can’t change your fingerprint.
That said, it’s still likely that your phone, probably in concert with a fingerprint scanner, will end up as a replacement for your wallet and/or keys. It’s just too convenient; tech like near-field communication, which allows a phone to convey information wirelessly to a nearby object like a lock or a checkout counter, is, basically, already here. Westrup thinks phones could well take on the role of key and wallet, but with the added wrinkle of one more level of security like a password—which, of course, would be perfectly easy to implement on a phone. “Nothing's ever going to be completely foolproof, but the more things you do—it's kind of like buying insurance,” he says. “The more layers, the more you're covered.”