Using biometric technology to make passwords has security problems

Today’s biometric passwords are considered the ultimate authentication solution. However, the use of biometrics for passwords proves to be unsafe due to problems such as low security, low privacy, and easy disclosure of data.

 There is a security problem with biometric technology for passwords

Security with biometric technology

Biometrics are easy to crack

First, biometrics are easier to crack than passwords. Not only are they vulnerable to all current cyber attacks, but biometric data is public and less confidential. Although most people will not reveal their passwords, they can’t always wear gloves in order not to leave fingerprints.

At this time, attackers have come up with solutions to how to bypass today’s biometrics. The famous hacker Krissler used the high-resolution photos of German Defense Minister UrsulavonderLeyen to defeat the authentication technology. Another more famous example, after Krissler released a new generation of TouchID for Apple, it cracked Apple’s TouchID technology. Krissler scanned the fingerprint fingerprint through the fingerprint stain left on the iPhone screen, and used this model to blacken the phone. .

Biometrics experts are always advocating the benefits of technological advancement; however, as security solutions become more complex, attacks become more complex.

Infringement of privacy is the bottom line

Last month, Microsoft called on US regulators to regulate the use of computer-aided facial recognition, which triggered Issues ranging from privacy to technical bias and abuse of police power. As we all know, technology companies rarely require supervision of the company’s technology. Microsoft’s move to break this model is to recognize that the law should assist in the development of technology.

A technology company gives identification technology to new products, and the company must have a database of user identity information. User privacy data can be arbitrarily retrieved in the database, and the company abuses user privacy, which is unfair to the user. Therefore, technology requires the supervision and guidance of laws and regulations to be benign development and will not cause harm to users. Even if the data center does not abuse user privacy data, who can guarantee the absolute security of the data center? If the data center is broken by a hacker, the stolen biometrics can be used to falsify travel records, criminal records, and legal documents as part of the user’s identity, directly damaging the user’s interests.

In a recent US government invasion, 5.6 million fingerprints and 21.5 million social security figures were leaked. Although relevant experts pointed out that in this case, the ability of hackers to abuse fingerprint data is limited, but the possibility of illegal use of user data by lawless elements will undoubtedly increase in the future.

There is a lag in network security solutions. Because the solution will always appear after the threat has emerged, this will undoubtedly challenge the timeliness of biometric data storage security. How to protect user data will not leak, it should be the next research direction of major technology companies.


Biometrics as a new authentication solution undoubtedly brings a lot of convenience, but without relevant regulatory and technical protection, Inflicts damage on the user. We can protect passwords by taking different precautions, such as restricting sharing through untrusted channels, and not using the same passwords across sites; technology companies should enhance user privacy and data protection, and only support each other, biometrics It will really spread in all areas of society.