A host of problems is keeping biometric security from becoming a mainstream application

Fingerprint scans often fail security tests

Biometrics struggles to go mainstream

Devices are still failing to deliver ease of use and reliability

Written by Tom Sanders at RSA Conference in San Jose

vnunet.com, 17 Feb 2006

A host of problems is keeping biometric security from becoming a mainstream application, a panel of experts at this year's RSA Conference concluded.

"The largest complaint at biometrics conferences is that every year people say that this is the year of biometrics. And then they come back the next year and say maybe this is the year of biometrics," said Richard Lazarick, chief technologist at CSC Global Security Solutions.

Lazarick argued that one of the major problems preventing biometrics from becoming mainstream is a lack of agreed standards.

This prevents organisations using equipment from several vendors in creating interoperable networks such as airports using a single database with iris scan information.

Biometric security uses unique body features for identification or authorisation and could replace smartcards and passwords. Common applications base authentication on fingerprints, iris, face and voice and vein scans.

The panel conceded that fingerprint scanners are readily available and that many notebook makers offer such technology as an option with business models.

However, it was argued that availability of hardware was not enough to guarantee adoption of biometrics.

"Just because you have the hardware doesn't mean that each person who uses it will use it in such a way that you get value for the organisation," warned Samir Nanavati, a partner with International Biometric Group (IBG), an independent consultancy.

"You might be seeing a false sense of hardware prevalence in the market space now."

Biometrics are often painted as bullet-proof security, as the technology is hard to forge because it provides authentication based on unique physical characteristics.

But this is something of a myth, according to the panel, as many low-end fingerprint scanners can easily be spoofed using a photocopy of the print or by using Play-Doh clay or specially crafted rubber overlays.

Research by IBG showed that some devices will wrongly identify the fingerprint in as many as 20 per cent of cases. The test was conducted by exchanging the index finger for a different finger.