
How secure are biometrics?

If you use your TouchID or FaceID to access your smartphone or device, you might think that this is an effective way of ensuring that it is only accessible to you. But are biometrics really secure, or are they just as easy to hack as your passcode?

What are biometrics?

Biometrics are a way of measuring your biological features, often to provide or restrict access to physical or digital environments, or in law enforcement, to keep track of individuals under surveillance. For most people, the way that they have been introduced to biometrics and biometric data is through facial recognition, and touch identification on their smartphones.

Although the technology had been available on mobile phones previously, fingerprint scanners became synonymous with modern-day security after the launch of the iPhone 5s in 2013. Apple named its scanner TouchID, and it was a major selling point for the device.

Biometrics for smartphones progressed quickly from there, with other companies following suit. Although facial recognition had existed on phones previously, Apple managed to create a refined version which they included on their iPhone X in 2017. Since then Apple has discontinued TouchID on its newer models, but has stuck to facial recognition. However, Samsung and Google continue to include fingerprint scanners on their devices.

Biometrics: the successor to passwords and passcodes

One of the reasons that biometrics were considered more secure than passwords and passcodes is that our fingerprints and face are always with us. With biometrics, we don’t need to remember a unique password every time we want to log in to an account, or create something with numbers, letters, and special characters to keep something secure.

Because remembering a unique series of letters, numbers and symbols for every single account that you have is almost impossible, we often end up choosing one password and repeating it for every account (check out our article here to find out why that is a terrible idea, and how to use a password manager instead).

With biometrics, a lot of users are able to access their device, sign in to their accounts, and even pay for things using nothing other than their face or their fingerprint. This effectively cuts out the possibility of a password being guessed or stolen, and stops people using the same password for everything.

If it's better than a password, that means it's secure, right?

To answer this question, we need to understand how biometrics work. When you scan your fingerprint, or use facial recognition, the data is captured and compared to the data that is stored on the device itself. This is one of the reasons that biometrics are considered more secure; with passwords and passcodes, the data is stored in the cloud and can be accessed by servers and applications. With biometrics, the data never leaves your device. 

This might prevent biometrics being stolen in the same way that passwords can be, but it doesn’t mean that they’re secure. In fact, security researchers have demonstrated that both the facial recognition software and the touch recognition software can be hacked fairly quickly and easily with the correct resources. And once that data has been stolen, you can’t just change your fingerprint the way you’d change an insecure password; the biometric will be permanently insecure.

However, it should be noted that these kinds of hacks are not typical of the ones that average smartphone users are most vulnerable to. Although the articles demonstrate that it is possible to exploit this technology, these techniques require a lot of time and dedication. Typically, the average hacker is likely to have more success in other ways.

So what’s the best way of securing my accounts and devices?

Ultimately, biometrics are not impervious to hacking, just as passwords and passcodes are not. As biometric technology becomes more and more common, it’s likely that we’ll see a rise in effective hacking techniques that can be executed easily, but your typical hacker isn’t quite there yet.

The most effective way of securing your device is by securing it twice. Two-factor, or multi-factor, authentication means that every time you sign into an account, you’re required to provide two pieces of information: usually a password and a biometric. Remember, the aim isn’t to find a solution that is 100% secure, because that just isn’t possible. Instead, just make your logins too secure for hackers to bother.
