Unique personal identifiers such as fingerprints, face shapes, and voiceprints are being incorporated into software and hardware security on new consumer devices at an astonishing rate. Apple is now two generations into their iPhone fingerprint scanner and, with the launch of Apple Pay, the masses are getting a taste of how biometrics can be used to authorize transactions. Can new biometrics technologies help companies with Bring Your Own Device (BYOD) policies shore up the risks of a data breach?
Biometric security features are widely touted as being more effective than PINs, which are notoriously insecure – they can be guessed by even low-level hackers through social engineering or through brute force attacks. So, if a device can’t be opened without key biometric information, it is more difficult for data to fall into the wrong hands. Biometric security provides an alternative to PINs and passwords that is difficult to duplicate by phone thieves. Right? Not entirely.
Where there’s a will, there’s a way. The web is flooded with how-to articles on faking fingerprints, so the more persistent phone thief likely has options and resources for spoofing your biometric security. Voiceprint faking seems to be more difficult to master, but as it becomes a more prevalent identification method, there will be more and more hackers learning how to imitate voices or sidestep the software.
If a device is lost or stolen, company data might be more secure behind an added security layer of facial recognition software or a fingerprint scanner – that is, by using a PIN in addition to biometric security features. While biometrics can make it more difficult for malicious parties to access data on stolen devices, human error has a way of finding loopholes, such as turning off biometric security or finding ways of leaving a device unguarded at the wrong moment. The best method to ensure the security of your company data is to provide employees with an easy-to-use enterprise file sharing and collaboration solution with automated policy enforcement and then educate employees on how to properly use it.