Maria Konner
2 min read · Aug 17, 2019

There is a lot of misconception about how biometrics are used, and unfortunately the result is that security is compromised. A simple example: if you add a fingerprint scanner to get access to a system, it often reduces security; the fingerprint is really just for convenience. You can get into the system with a fingerprint OR a password (if the fingerprint scanner doesn’t work, then what?), versus a 2-factor authentication solution, which is a fingerprint AND a password and is more secure.

A password is considered more secure than a fingerprint because a fingerprint is considered public information. It’s when you combine the two in an AND configuration that you get more security. Since fingerprints are not considered that secure, either there is a requirement that an attendant watches to make sure you don’t enter a physical location with anything but your actual finger (or eyeball), or a dongle is used, because the key in the dongle is not public information.

The problem with security in general is that people are too focused on the technology and not the business processes/workflow and thus they don’t plan properly. And we see this all the time. It’s incredible.

My favorite is the movies where they steal somebody’s eyeball to get access to a military installation. That’s Hollywood horseshit. Any decent security practitioner knows that a password is more secure. It’s only when you require both the password AND the eyeball that it’s more secure. And better yet somebody making sure it’s your eyeball and not a device.

Anybody who doesn’t understand these principles and is making security decisions should be fired. But there’s the problem: who in authority knows these basic things and hasn’t been distracted by the tech?
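The OR-versus-AND point above can be checked mechanically when reviewing a login configuration. The following is an added example, not part of the original post: the nested policy format, the factor names and the `audit` function are all hypothetical, and the classification of fingerprint and iris as public follows the post's argument.

```python
# Added example: hypothetical policy model, not from the original post.
from itertools import product

# Per the post, biometric traits are treated as public information;
# passwords and dongle keys are secrets. Factor names are constructed.
PUBLIC_FACTORS = {"fingerprint", "iris"}


def paths(policy):
    """Expand a nested ("AND"|"OR", [children]) policy into the set of
    factor combinations that each grant access on their own."""
    if isinstance(policy, str):
        return {frozenset([policy])}
    op, children = policy
    child_paths = [paths(child) for child in children]
    if op == "OR":
        # Any one alternative is enough, so every child path is a path.
        return set().union(*child_paths)
    if op == "AND":
        # One path from each child must be satisfied together.
        return {frozenset().union(*combo) for combo in product(*child_paths)}
    raise ValueError(f"unknown operator: {op}")


def audit(policy):
    """Return (factors, finding) for every access path that is weaker
    than 'two factors, at least one of them secret'."""
    findings = []
    for path in sorted(paths(policy), key=sorted):
        secrets = path - PUBLIC_FACTORS
        if not secrets:
            findings.append((sorted(path), "public-only"))
        elif len(path) < 2:
            findings.append((sorted(path), "single-factor"))
    return findings


if __name__ == "__main__":
    convenience = ("OR", ["fingerprint", "password"])   # scanner with fallback
    two_factor = ("AND", ["fingerprint", "password"])   # real 2FA
    for name, policy in [("OR", convenience), ("AND", two_factor)]:
        print(name, audit(policy))
```

The overall strength of a policy is that of its weakest path, so a single finding is enough to show that the added scanner did not raise the bar.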
