What is biometric data?
According to the new Regulation (EU) 2016/679, they are “personal data obtained from specific technical processing, relating to the physical, physiological or behavioral characteristics of a natural person which allow or confirm the unique identification of that person”. In general, they can be divided into two types:
- Anatomical data. Traditionally they consisted of handprints and footprints. More recently, palate and dental impressions have begun to be studied, and nowadays identifying data such as facial structure, the iris and retina of the eye, and the vascular system are also being recorded.
- Behavioral data. The best known are voice and signature identification; however, AI-based technologies are being developed to identify people based on their biomechanical behavior (walking, hand movements, etc.).
What are its essential characteristics?
Three basic characteristics allow biometric data to provide an unequivocal identification of a person: perenniality (they last over time without losing their qualities), immutability (they do not change or alter over time, at least naturally), and diversity (they are distinct and unique to each person).
The most secure biometric data are those that present these three characteristics to a greater degree and that are, moreover, difficult for other people to impersonate.
What are they used for?
- Identification. The process of distinguishing a particular person from a group by comparing his or her data with those of the rest of the people in the group.
- Authentication. The process of proving the identity of an individual by comparing his or her data with those held by an entity.
This process requires the use of automated databases. The biometric data used to identify us are recorded and stored in these databases. When entering our biometric data, the system verifies that we are the ones performing the access.
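The difference between authentication (one comparison against the claimed person's record) and identification (a search across the whole database), as an added example that is not part of the original article. It also shows why a biometric capture cannot be checked by exact digest comparison the way a password is. The 32-bit templates, the names, the Hamming-distance matcher and the threshold are constructed assumptions.

```python
import hashlib

# Constructed 32-bit templates standing in for enrolled biometric features.
ENROLLED = {"alice": 0xA5A5F00F, "bob": 0x3C3C0FF0, "carol": 0x12345678}
THRESHOLD = 6  # assumed: maximum differing bits still accepted as the same person

# A fresh capture from alice: sensor noise flips three bits of her template.
PROBE = ENROLLED["alice"] ^ 0x00010101


def distance(a, b):
    """Hamming distance: number of bit positions where two templates differ."""
    return bin(a ^ b).count("1")


def exact_match(claimed_id, probe):
    """Password-style check: compare digests, so any noise at all fails."""
    digest = lambda t: hashlib.sha256(t.to_bytes(4, "big")).digest()
    return digest(ENROLLED[claimed_id]) == digest(probe)


def authenticate(claimed_id, probe):
    """1:1 check: compare the probe only with the claimed person's template."""
    template = ENROLLED.get(claimed_id)
    return template is not None and distance(template, probe) <= THRESHOLD


def identify(probe):
    """1:N search: compare with everyone, return the closest match if close enough."""
    best = min(ENROLLED, key=lambda name: distance(ENROLLED[name], probe))
    return best if distance(ENROLLED[best], probe) <= THRESHOLD else None


def false_match_probability(per_comparison_rate, database_size):
    """Chance of at least one wrong match in a 1:N search (independent comparisons)."""
    return 1 - (1 - per_comparison_rate) ** database_size


if __name__ == "__main__":
    print(exact_match("alice", PROBE), authenticate("alice", PROBE))
    print(authenticate("bob", PROBE), identify(PROBE), identify(0xFFFFFFFF))
    print(round(false_match_probability(0.001, 1000), 3))
```

Because matching is a similarity threshold rather than an equality test, the chance of a false match grows with the number of records searched, which is why identification is the harder of the two uses.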
Are biometric data secure for my privacy?
Personal Data Protection experts warn: biometric data have advantages over passwords, but their use involves vulnerabilities that passwords do not.
Advantages of passwords:
- They are easy to implement: just log in with your username and password.
- Cracking them is highly improbable: especially if they are secure, we change them regularly and do not use the same password for all our accounts.
- They can be changed: if our password has been stolen, we can change it.
- We are responsible: the security of the password depends on us, which allows us to take the measures we deem necessary.
Disadvantages of passwords:
- They may not be secure enough: to create a secure password it is not enough to combine uppercase and lowercase letters, numbers, and symbols. For example, a password such as Javier2020! will leave us very vulnerable.
- Their management is cumbersome: if we do not use a suitable password manager, we can forget our passwords or lose them, and they can easily be stolen if we keep them on a physical medium.
Advantages of biometric data:
- Convenience: we only have to place our finger, palm of the hand, face, etc., in front of the authentication sensor, although it may cause discomfort and distrust.
- Data cannot be lost: there is no risk of loss or forgetfulness, so, in principle, we will always have access to our services.
- Security: their use is presumed to be more secure than passwords since they cannot be stolen by brute force attacks. However, network communications that send our data to be authenticated can be intercepted. Even if they are encrypted (HTTPS), the hash can be reversed in the same way as with passwords.
Disadvantages of biometric data:
- They are sensitive data: the GDPR indicates that they require special treatment.
- We are not responsible: the security of our biometric data depends on an external party over which we have no control.
- We do not know how they will be treated: once shared on the network they may lose their confidentiality, and we will not know who may be using them.
- They cannot be changed or deleted: in the event of theft or impersonation, it is possible that, for security reasons, we will no longer be able to use them. Moreover, using the same biometric data is similar to always using the same password.
- They can be spoofed: the methods for hacking our biometric data are relatively simple, ranging from the use of masks to the reproduction of fingerprints from photographs we post.
- They are not secrets: much of our biometric information is exposed to the public and can be captured remotely. Basically, it’s like having our password written on our forehead.
- High cost: effective identification requires the use of more sensors, which will increase its cost, making the level of security dependent on our economic capacity.
- They are exclusionary: if we have suffered an accident or other phenomena that cause our biometrics to vary, there may be temporary or permanent incompatibilities that lead to social exclusion.
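The Javier2020! weakness noted in the list above, as an added example that is not part of the original article: the password passes the usual composition rules, yet it follows a word + year + symbol pattern whose search space is far smaller than its length suggests. The wordlist size, the pattern and the accept() policy are illustrative assumptions.

```python
import re
import string

WORDLIST_SIZE = 100_000                  # assumed size of a name/common-word list
YEARS = 200                              # four-digit years 1900-2099
SUFFIXES = len(string.punctuation) + 1   # one trailing symbol, or none
PRINTABLE = 26 + 26 + 10 + len(string.punctuation)  # 94 typeable ASCII characters

# Letters, then a four-digit year, then at most one symbol: the "Javier2020!" shape.
WORD_YEAR_SYMBOL = re.compile(r"^[A-Za-z]+(?:19|20)\d{2}[^A-Za-z0-9]?$")


def meets_composition_rules(password, min_length=8):
    """Classic rule set: length plus lowercase, uppercase, digit and symbol."""
    return (len(password) >= min_length
            and any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))


def brute_force_space(password):
    """Candidates if every character were chosen independently at random."""
    return PRINTABLE ** len(password)


def pattern_space(password):
    """Candidates when the password is word + year + symbol, else None."""
    if WORD_YEAR_SYMBOL.match(password):
        # word x (lowercase or Capitalised) x year x suffix
        return WORDLIST_SIZE * 2 * YEARS * SUFFIXES
    return None


def accept(password):
    """Signup-time decision: composition rules AND no predictable pattern."""
    return meets_composition_rules(password) and pattern_space(password) is None


if __name__ == "__main__":
    for candidate in ("Javier2020!", "tq7#Vz!p2Lw"):
        print(candidate, meets_composition_rules(candidate),
              pattern_space(candidate), accept(candidate))
```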
If you still cannot decide, you should know that the safest option is to use at least a DOUBLE AUTHENTICATION FACTOR. Secure authentication is authentication that requires something you know (password), something you are or do (digital signature) and something you have (ID card, access to a particular device, etc.).
Remember that 100% security does not exist, but multifactor authentication will always be the best option to protect the privacy of our data.
Isabel Navarrete Sánchez