In this month's debate, experts discuss whether the biometrics on Apple's iPhone 5s will evolve the security of personal devices.
Rohit Sethi, VP, Security Compass
Perfect security is impossible, but for the average consumer, embracing biometrics is a step away from over-reliance on passwords. While researchers may have found a way to spoof a fingerprint on the iPhone 5s fingerprint scanner, ask yourself this: Doesn't all the effort necessary to spoof a fingerprint make them a better alternative than easy-to-guess PINs/passwords?
Whatever faults biometrics might have, they remain a superior option to a reliance on passwords alone. How much longer are we going to rely on passwords for protection of data? We protect data centers and VPNs with two-factor authentication; isn't it time a real second authentication factor became widespread? Until recently, costs and inability to standardize on a provider have hamstrung efforts for deploying biometrics across consumer apps. The ubiquity of mobile devices affords us the chance to improve. Will we rise to the occasion or continue to accept the mediocrity of single-factor authentication?
Dave Aitel, CEO, Immunity
The biggest problems with biometrics as a security solution are that a person can't hide their biometrics from the world, and there's no way to rescind them after you've been hacked. Every time you get a beer at a restaurant, you're leaving behind data an attacker can use. And once you've been compromised, you will forever be compromised – unlike a password, which can be changed. Is it reasonable for a person to only have 10 passwords their entire life? And fingerprints aren't as unique as most think they are – false matches do occur and a number of studies have been commissioned to evaluate the risk.
Biometrics can also be spoofed without much difficulty, and in some cases they can be bypassed altogether. High-security environments never rely solely on biometrics – it's only one part of a multi-tiered process. The same must be true in the mainstream market as well. We will never be able to rely on biometrics as a sole method for authenticating users. Passwords and PINs will always have to play a crucial role.