Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Don’t Use Biometrics to Secure Your Mobile Device

January 5, 2022

It’s that time again to get on the soapbox and warn users that biometrics are not bullet proof. Mobile devices now support fingerprints, iris scans and facial recognition. Unlocking your phone using a fingerprint is really convenient but can be easily bypassed. Iris scans aren’t a heck of a lot more secure. Facial recognition has its problems too, especially differentiating between family members and those of us now wearing masks as a result of the pandemic. A recent Computerworld post gives further evidence that you shouldn’t be using biometrics to unlock your mobile device. “But a recent case in China shows that Apple’s facial recognition issues are still bad. In China, a man approached a sleeping woman (his ex-girlfriend), pulled open her eyelids, got a facial recognition green light, and was able to withdraw money from her bank account.” Not a good thing.

Our recommendation is not to use biometrics to unlock your mobile device. A PIN can also be brute forced. Use a passphrase instead of a PIN to secure your phone. Once your phone is unlocked, biometrics are fine for unlocking access to the varies apps. Vendors are experimenting with behavioral analytics to secure devices, but we’re still in the early days. Use a passphrase for now and avoid the convenience of biometrics to secure your phone.

Email:   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology