Do biometrics help better protect your data or not?

Things are about to get personal

You are different from everybody else — wait, this is neither a compliment nor an insult. It’s just a fact. Nobody has the same fingerprints as you¹… or irises, or lips, or teeth for that matter. Not only do these parts of your body make you unique, but they can also be used to identify you.

About 100 years ago, if someone were to analyze your fingerprints, it would mean that you were a suspect in a criminal investigation — and due to imperfect research instruments at the time, you could actually end up in prison by mistake. These days, however, because the tools we use are so accurate, fingerprint recognition is used for protecting you and your data as well as for giving you access to various digital and non-digital services. Well done, science!

But the question is – is it good that we use identification methods such as fingerprint analysis, iris recognition, or face ID to secure our data? To answer that question, first we need to understand how the technology works.

Bringing spy-movie tech to real life

Biometrics, or “biometric identifiers” as they are sometimes called, are basically body measurements and various calculations done to identify unique human characteristics such as the structure of a person’s fingerprints and irises, the shape of their ears, or the sound of their voice. In other words, they are scientific methods used to label and describe parts of your body that make you undeniably you.

They are exactly what is used when you unlock a smartphone with one touch of your finger or when CIA analyst William Donloe gets access to an ultra-secure computer room in the first Mission Impossible movie. This brings us to biometric authentication, a process of measuring biometrics via tools such as fingerprint readers or retinal scanners to confirm a person’s identity.

With more than 80% of all smartphones having biometrics enabled these days², it’s no surprise that computer networks, working environments, banking applications, and airport services increasingly provide users with an option to log in or approve operations using biometric authentication. The technique has surely become one of the most convenient security features available today – but is it actually safer than our old trusty passwords?

Finding your way through the pros and cons

Biometrics enthusiasts are always fast to point out the advantages of this authentication method. First, they focus on how secure it is, emphasizing the fact that your passwords can be forgotten or lost while biometrics can’t. You have your biometrics on you 24/7, and they can’t be taken from you easily.

The latter is their second argument – that it is more difficult to steal your biometrics data than it is to steal your password (especially when your password is a weak one).

They also emphasize that today’s sensors and readers are so precise that nobody else’s biometrics but yours can open or start services. “Biometrics are not like car keys that you can give your friend to allow them to borrow your ride,” they say. “With biometrics, you are the owner and the driver at all times.” And they are right.

And when you hear them explain how fast, flexible, accurate, and reliable biometric authentication is, you begin to think that it is probably the most secure and convenient authentication technique ever created.

If you feel this way, we’re sorry to make you take off your rose-colored glasses. Yes, biometric authentication offers many amazing benefits, which is why it has often been called “the future of security.”³ But the solution also has a few downsides that you need to be aware of.

For instance, if your biometric data gets stolen (which can happen), you can’t change it (but you can change your password). Your fingerprints are yours for life. The same goes for your face, your voice, and your irises. In other words, when someone steals your biometrics, you can’t do anything about it except disable this form of authentication — that is, if you still have access to your account.

Also, when faced with a security breach, biometric authentication will prevent you from logging in remotely using just any device to try and solve the issue. It has to be a device that stores your biometric data – so it cannot be your colleague’s computer or your friend’s smartphone. This is a benefit or a disadvantage depending on the scenario, of course, but some businesses consider it to be an obstacle.

Still, the above is not our way of saying that you shouldn't use biometric authentication. It simply means that it's not a perfect solution, and some risk is involved in the process. You simply must be careful when you use this technology. Biometric authentication is a proven data protection tool and as is always the case with such tools, they usually fail when the person using them acts carelessly. So you can use biometrics, but you should be vigilant at all times.

Why NordLocker allows you to use biometric authentication

First, biometric authentication allows you to secure access to all the data you store in NordLocker. Because our platform is based on zero-knowledge architecture, only you know what’s inside your virtual vault. Add biometric authentication to the equation and you create a scenario where your biometrics are needed to open, edit, and share encrypted files that only you know about. Sounds neat, right?

Hackers are good at stealing passwords, but they're not as skilled when it comes to stealing biometric data. Therefore, unless somebody breaks into the biometric database on your Windows or Android device, you should be safe when logging into the platform using your fingerprint.

A little side note: We will soon introduce a security control feature called “log out of all devices.” If you decide to use it, it will sign you out from all your Nord Account sessions on every device you are currently logged in. This means that even if somebody had your biometric data, they would still need your Nord Account password to log in again – biometrics wouldn’t be enough.

The second reason why you can use biometric authentication in NordLocker is convenience. If you’re a Windows, Android, or iOS user, you can use your biometrics to get instant access to your data without providing your NordLocker Key (former Master Password). Considering that your password should be at least six characters long and fairly complex, using biometrics to unlock your encrypted storage can save you a lot of time.

And third, if you happen to forget your NordLocker key and/or your recovery key, you can always use biometrics to regain access to your files. Biometric authentication is therefore a third option to recover your data. That man who owns $321M in bitcoin but doesn’t remember his password⁴ would probably do anything to be given a chance to unlock what belongs to him using biometrics. He can’t – but you can (though it probably won’t be $321M).

Biometrics or passwords? BOTH!

Using biometrics doesn’t mean that you shouldn’t care about passwords. After all, it is a fast but secondary authentication method.

Even with biometrics enabled, you can still log in to the platform by providing your NordLocker Key (former Master Password). Therefore, you should treat your passwords seriously and make sure that they never fall into wrong hands.

The security of your data — personal or business — depends on it.