Is biometrics the best solution to replace password authentication?

* How can a compromised biometric system be fixed?

Biometrics. It's a topic I come back to periodically and enthusiastically. Most pundits, gurus and analysts agree that passwords as a method of authenticating people are not at all secure and need to be replaced. Many feel that a biometric authentication - via fingerprint, retina scan, voiceprint, or even DNA - represents the ne plus ultra of authentication methods. Still, there are quite a few people who argue that using biometrics is like placing all your eggs in one basket - what happens when the basket breaks, what happens when the biometric system is compromised?

I had a long (and often rambling) discussion with Peng Ong last week. He's the founder and CEO of Encentuate, whose slogan is "Security through Convenience" (I like that!). While we ranged over many topics, from individual identity management schemes (Sxip, LID, SMBmeta, Passport and more) to identity federation - and even the importance of blogs, it was his mention of the problem with biometrics that brought me up cold.

Those who oppose biometrics use the argument that passwords and hardware tokens can be replaced but a compromised fingerprint can't. The counter argument is to cite statistics about the likelihood of a biometric measurement being compromised (it's very low) and the cost of doing the compromising (it's very high).

He asked that, for a moment, I think like a network manager. (Not hard, I used to be one.) Then he asked: "Can you build a system that's connected to other systems and is 100% secure, 100% unable to be compromised?" Of course, I had to answer "no." Any system that allows for input and output - even one not connected to the outside world - can be compromised provided the person doing the compromising has enough time and money. Ong then wanted to know, once the biometric system is compromised, how it can be fixed. And the only answer is, really, that it can't.

I did say that in a fingerprint system, the number of required prints and the fingers they come from could be changed. I believe that's over three million possibilities - but that's still far fewer than the seemingly limitless supply of potential passwords.

I still think that biometrics, as part of a multi-factor authentication scheme, is the best solution available to us. But I'm beginning to think we need to keep looking and find something better. As always, I welcome your thoughts.
