Biometrics is the statistical study of biological data. According to biometrics, every person has certain biological characteristics or traits that are virtually unique. In other words, biometric data can be used to identify an individual to a statistical certainty.
Biometric identification can be used for a variety of purposes, not the least of which is security. For instance, fingerprint scanners, retina scanners, DNA analyzers, facial recognition tools, and various other techniques and devices can collect biometric data and use the data to authenticate the identity of a would-be user. Biometric-based security measures can be used in place of, or in addition to, knowledge-based security measures, such as passwords or PINs (personal identification numbers), to access an ATM (automatic teller machine), a computer, a PDA (personal data assistant), a cell phone, or virtually any other device or service.
Biometric-based security measures can be quite convenient for users. There is nothing to memorize and no need to devise unique words or phrases to try to outsmart identity thieves and computer hackers. With biometrics, the identifying information is simply part of each user, and each user is virtually guaranteed that no other user will have exactly the same identifying information.
Unfortunately, the same aspects of biometric-based security that make it powerful and convenient also expose its greatest weaknesses. Since the identifying information is a part of each user, a user is likely to expose his or her biometric “signature” everywhere he or she goes. For instance, a user may leave behind latent fingerprints or DNA samples, or simply expose his or her face to a camera, allowing bad actors to directly obtain the data they want. Similarly, biometric data, especially fingerprints, may be on file with any number of governmental and private entities where the data can be misappropriated or otherwise stolen. And, once a user's biometric data have been compromised, there is usually no way to change or revoke them. That is, unlike a password that can be easily and frequently changed, it may be impossible to change a person's fingerprints, retinal pattern, or DNA.