You Can Change Your Password but You Can’t Change Your Fingerprints

 

The biggest known biometric data breach to date was reported recently, when researchers managed to access a 23-gigabyte database of more than 27.8 million records, including fingerprint and facial recognition data.

The researchers, working with cyber-security firm VPNMentor, said that they had been able to access the Biostar 2 biometrics lock system that manages access to secure facilities like warehouses or office buildings. This control mechanism, run by the firm Suprema, is reportedly part of a system used by 5,700 organizations in 83 countries, including governments, banks, and the UK’s Metropolitan Police. This breach highlights a major problem with biometric security systems that effectively use people’s biological measurements as passwords. Unlike usernames and passwords, biometric data can’t be changed if it is stolen.