Saturday, September 25, 2010

National Research Council: Biometrics 'Inherently Fallible'

Regular visitors will be familiar with the themes in this article.

No security system is infallible. Biometric identity management solutions are getting so much attention precisely because existing identity management solutions are extremely fallible.

What determines the desirability of a biometric identity management solution is not infallibility but return on investment (ROI) -- a measure of the efficiencies such a system can bring to an organization's identity management function offset by the costs associated with adoption of the new solution. In many cases the ROI is reflected in productivity gains among staff responsible for an organization's identity management function.

It is very important, however, that potential adopters of biometric ID management solutions be aware of the issues the article raises.

The report notes that careful consideration is needed when using biometric recognition as a component of an overall security system. The merits and risks of biometric recognition relative to other identification and authentication technologies should be considered. Any biometric system selected for security purposes should undergo thorough threat assessments to determine its vulnerabilities to deliberate attacks. Trustworthiness of the biometric recognition process cannot rely on secrecy of data, since an individual's biometric traits can be publicly known or accessed. In addition, secondary screening procedures that are used in the event of a system failure should be just as well-designed as primary systems, the report says.

Identity management is about people, after all. These systems can really help organizations, but they're not magic.