Face ID Fail: Biometric Authentication Isn't as Secure as You Think
How Hackers and Law Enforcement Can Use Your Fingerprints and Face ID Against You
Biometric authentication has for years been the gold standard for securing personal devices and even key online accounts, particularly in the financial sector. Using fingerprints and facial ID to access devices and accounts also solved a common problem with security – convenience. This arrangement has worked well for many years.
But as they say, all good things must come to an end.
Advancements in technology, particularly artificial intelligence (AI), weaken the security case for biometric authentication. AI-driven attacks by cybercriminals targeting your biometric data are on the rise. Biometric authentication can also expose you to unexpected risks from law enforcement. Understanding these dangers is the first step in deciding whether you should continue to use biometric authentication or migrate to something else.
Personally, we have never used biometric authenticators. In fact, we have gone out of our way to not use the technology and opt for traditional passwords instead. We feel justified in this decision based on recent legal rulings and current tech trends, which we go over below.
A Brief History
There was a time when using biometrics for authentication was clearly superior to using traditional passwords. Biometrics offered better security because replicating or spoofing someone’s biometrics was nearly impossible except in perfect circumstances, and even then, only doable for sophisticated actors. The risk of having your biometric authentication data stolen and then used against you was near zero for most people.
Biometrics were also far more convenient than traditional passwords. All you had to do was look at a screen or place your finger on the screen and your device unlocked. It was a near-frictionless experience (except for rock climbers, apparently).
So your choices to unlock your device or access your online accounts were effectively:
Use insecure but easy to remember passwords (risky)
Use a clunky password manager (inconvenient)
Use your face or thumbprint (highly convenient and low risk)
Today, the script has almost flipped. Biometrics are now arguably the riskier means of device and account access. On top of that, the convenience gap has substantially narrowed.
Law Enforcement and Biometrics: A Legal Loophole
One of the lesser-known risks associated with using biometrics is the legal loophole it creates when it comes to privacy. In the United States, law enforcement agencies do not need a warrant to access your device if it is secured with biometrics like a fingerprint or Face ID. This is because courts have ruled that these are not protected by the Fifth Amendment, which guards against self-incrimination. In contrast, a passcode is considered knowledge and cannot be compelled without a warrant.
This distinction may seem minor, but it has significant implications for your privacy. If your device is ever seized by law enforcement in certain U.S. jurisdictions, they can force you to unlock it with your fingerprint or face, granting them access to all of your personal data without needing to justify their actions in front of a judge. The convenience of biometrics could lead to a devastating invasion of privacy in the wrong hands.
AI and the New Age of Hacking