Securing the new tide of biometric authentication tools

David Higgins, EMEA technical director at CyberArk, discusses the increasing prevalence of biometric authentication tools and the steps needed to use them securely

Biometric fingerprint readers, facial recognition systems, and retinal scanners were once reserved for the likes of Tom Cruise and James Bond in their respective ‘secret agent’ film franchises. In order to penetrate a heavily-fortified and high-tech facility, Cruise would take on an impossible mission and, more often than not, resort to neutralising an unknowing guard, pressing the guard’s finger against a scanner (similar to the ones used by airports for e-passports), and slipping into the building entirely unnoticed. But this kind of tech is now more commonly used for breaching the security of iPhones and other mobile devices, as opposed to that of a high-security compound. 

In the space of a few years, biometric authentication has quickly become very popular.

This progress has prompted many organisations to explore this technology as a way to protect their sensitive data and to ensure that the right person has access to the right device at the right time. 

However, whilst some information security experts believe biometric technology is the future of digital security, others voice growing concerns around privacy. But, before we assess the risks and rewards, here’s an overview.

Biometric facial recognition technology

A brief overview of biometric authentication

To work for identification and access control purposes, biometric markers must be completely unique to an individual, recordable and permanent. Examples of biometric data include a person’s unique facial structure, the minute ridges of a fingerprint, the one-of-a-kind patterned iris encircling a pupil in the eye, the unique sound waves of a person’s voice (or “voiceprint”), the geometry of a hand or the way a person interacts with a computer system (a typing cadence or mouse usage for example). These ‘unique human identities’ are collected, stored and matched in a database, providing a secure way for users to log into a host of devices or systems without having to use (and remember) multiple passwords.

And this isn’t just future-gazing technology. A recent survey conducted by CyberArk among UK office workers revealed that many organisations are beginning to integrate cutting-edge new security technologies into their strategies, with nearly one in five (19%) reporting that their IT security team is experimenting with biometric security techniques, including fingerprint and retinal scans and embedded microchips.


READ MORE: Millions of fingerprints leaked in latest high-profile data breach


DNA is forever, a password is not

This technology has clear benefits, but businesses cannot afford to overlook the plethora of security and privacy concerns that come with implementing biometric authentication.

Firstly, there is a significant difference between a hacker getting their hands on a fingerprint rather than a password – after all, you cannot change your DNA. This leaves your devices vulnerable and exposed. Furthermore, the permanence of biometric authentication could easily lead some individuals and organisations to become overly confident in the technology and focus less on robust cybersecurity best practices such as multi-factor authentication (MFA), needed to thoroughly secure employee devices.

Savvy hackers will – and in many cases are already – trying to exploit biometric technology for digital and physical authentication. According to reports from Motherboard, some hackers have allegedly cracked hacking vein authentication technology by making fake hands out of wax. Whilst this is an extreme and unusual example, this just proves the lengths that hackers are willing to go to, and businesses have to stay one step ahead of the curve to combat all kinds of threats.

Biometric facial recognition technology

Beware hacks of all shapes and sizes

Here are just a few ways attackers are targeting unique human identities to gather massive amounts of biometric data for future modelling purposes and nefarious use:

Genetic consumer services 

If you’ve ever taken an at-home DNA test, your unique genetic information is now in the hands of an organisation you probably have limited knowledge of. Last June, genealogy testing service MyHeritage revealed that 92 million accounts were found on a private server. While personal DNA was not compromised in this instance, it demonstrates the potential for far-reaching damage in the case of a successful breach.

Embedded human microchips 

According to the biohacking company Dangerous Things, between 50,000 and 100,000 people today sport an embedded microchip, which they use to do things like unlock their office door, get into the gym, buy lunch and simplify travel. Yet, a number of security researchers have demonstrated ways to successfully hack into these chip implants – from infecting a chip with a virus through a SQL injection attack to conduct a URL attack on a browser vulnerability on an NFC chip.

Biometric stores within organisations 

As adoption of biometric authentication grows, huge amounts of highly sensitive data are being collected, stored on-premises and in the cloud, processed and accessed with minimal protection or oversight. Cyber attackers are increasingly targeting data stores within organisations, understanding that many have not implemented the appropriate technical and organisational measures needed to keep this sensitive data secure.

Whilst biometric technology is no longer the stuff of science fiction, we do believe it has a long way to go to be implemented at scale across large businesses.  We have to stay one step ahead of the hackers and anticipate their ability to hack into biometric technology at any time. Doing this will require robust cybersecurity measures such as MFA. There is more at stake here than just financial and reputational damages and losses to businesses – this is about protecting our unique human identities. It’s time to wise up to the risks that biometric technologies can pose and take the necessary steps to combat them.

David Higgins

David Higgins is EMEA technical director at CyberArk, a global leader in privileged access management. CyberArk is trusted by more than half of the Fortune 500 companies to protect their high-value assets.

Birmingham Unveils the UK’s Best Emerging HealthTech Advances

Kosta Mavroulakis • 03rd April 2025

The National HealthTech Series hosted its latest event in Birmingham this month, showcasing innovative startups driving advanced health technology, including AI-assisted diagnostics, wearable devices and revolutionary educational tools for healthcare professionals. Health stakeholders drawn from the NHS, universities, industry and front-line patient care met with new and emerging businesses to define the future trajectory of...

Why DEIB is Imperative to Tech’s Future

Hadas Almog from AppsFlyer • 17th March 2025

We’ve been seeing Diversity, Equity, Inclusion, and Belonging (DEIB) initiatives being cut time and time again throughout the tech industry. DEIB dedicated roles have been eliminated, employee resource groups have lost funding, and initiatives once considered crucial have been deprioritised in favour of “more immediate business needs.” The justification for these cuts is often the...

The need to eradicate platform dependence

Sue Azari • 10th March 2025

The advertising industry is undergoing a seismic shift. Connected TV (CTV), Retail Media Networks (RMNs), and omnichannel strategies are rapidly redefining how brands engage with consumers. As digital privacy regulations evolve and platform dynamics shift, advertisers must recognise a fundamental truth. You cannot build a sustainable business on borrowed ground. The recent uncertainty surrounding TikTok...

The need to clean data for effective insight

David Sheldrake • 05th March 2025

There is more data today than ever before. In fact, the total amount of data created, captured, copied, and consumed globally has now reached an incredible 149 zettabytes. The growth of the big mountain is not expected to slow down, either, with it expected to reach almost 400 zettabytes within the next three years. Whilst...

What can be done to democratize VDI?

Dennis Damen • 05th March 2025

Virtual Desktop Infrastructure (VDI) offers businesses enhanced security, scalability, and compliance, yet it remains a niche technology. One of the biggest barriers to widespread adoption is a severe talent gap. Many IT professionals lack hands-on VDI experience, as their careers begin with physical machines and increasingly shift toward cloud-based services. This shortage has created a...

Tech and Business Outlook: US Confident, European Sentiment Mixed

Viva Technology • 11th February 2025

The VivaTech Confidence Barometer, now in its second edition, reveals strong confidence among tech executives regarding the impact of emerging technologies on business competitiveness, particularly AI, which is expected to have the most significant impact in the near future. Surveying tech leaders from Europe and North America, 81% recognize their companies as competitive internationally, with...