Signing in to a service

Biometric authentication using fingerprints

A finger on a fingerprint scanner.

Description

Check someone is who they say they are using their unique physical features, like their fingerprint, iris, face or voice.

Biometric authentication using fingerprints uses a scanner to gather data about a fingerprint, such as the position of ridges or unique marks. To verify a person’s identity, an algorithm checks if the scanned fingerprint matches a previously enrolled fingerprint.

IF thinks that biometric authentication using a fingerprint can be an efficient way of gaining access to data. As with other authentication patterns, there should always be a fallback for when people might be impaired, either temporarily (e.g. wet or damp fingers) or permanently (e.g. missing fingerprints).

Advantages

  • Can be quicker, more convenient and more secure than using a password
  • Eliminates some common vulnerabilities of secret answers, such as brute-force attacks to guess the answer, or someone learning your secret answer after watching you enter it.

Limitations

  • In most consumer devices today, it is not possible to change a fingerprint in the event of a data breach in the same way you can change a password.
  • Fingerprint scanners may not work with wet or damp fingerprints.
  • Secure implementations of this pattern require additional hardware and software components. For example, Apple’s Secure Enclave or a Trusted Execution Environment on the processor is used to store fingerprint data separately from other applications on the device.
  • Enrolling a fingerprint can take time, effort, and a number of interactions. This has implications for user experience, including for accessibility.
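An added, constructed illustration (not code from IF or from any real scanner) of the matching step described above and of the isolation called for in the limitations: a probe scan is compared against an enrolled template of minutiae points with a tolerance and a threshold, the template lives only inside a stand-in for the enclave that returns a yes/no verdict, and a failed match (such as a partial, wet-finger scan) routes to the fallback. All point coordinates, tolerances and the 70% threshold are assumed sample values.

```python
import math

# Constructed enrolled template: minutiae as (x, y, ridge_angle_degrees),
# the kind of data a scanner extracts rather than an image of the finger.
ENROLLED = [(12, 30, 45), (40, 22, 90), (55, 60, 135),
            (70, 15, 0), (33, 80, 270), (90, 44, 180)]

# Constructed probes: a full rescan with small sensor jitter, a partial scan
# (only three points captured, e.g. a damp finger), and a different finger.
PROBE_GOOD = [(x + 1, y - 1, a + 5) for x, y, a in ENROLLED]
PROBE_PARTIAL = [(x + 1, y - 1, a + 5) for x, y, a in ENROLLED[:3]]
PROBE_OTHER = [(5, 5, 10), (95, 95, 200), (50, 40, 30),
               (20, 60, 300), (80, 80, 120), (60, 95, 250)]

def _has_counterpart(point, candidates, dist_tol, angle_tol):
    """True if some candidate minutia lies within position and angle tolerance."""
    x, y, a = point
    for cx, cy, ca in candidates:
        dist = math.hypot(cx - x, cy - y)
        dangle = abs((ca - a + 180) % 360 - 180)  # wrap-around angle difference
        if dist <= dist_tol and dangle <= angle_tol:
            return True
    return False

def match_score(probe, template, dist_tol=5.0, angle_tol=15.0):
    """Fraction of enrolled minutiae that have a counterpart in the probe scan."""
    if not template:
        return 0.0
    hits = sum(1 for p in template if _has_counterpart(p, probe, dist_tol, angle_tol))
    return hits / len(template)

class IsolatedVerifier:
    """Stand-in for a Secure Enclave / TEE: keeps the template private and
    exposes only a boolean verdict, so the application never sees the data."""
    def __init__(self, template, threshold=0.7):
        self._template = list(template)   # assumed: never returned to callers
        self._threshold = threshold
    def verify(self, probe):
        return match_score(probe, self._template) >= self._threshold

def authenticate(verifier, probe):
    """Returns which method granted access: the fingerprint, or the fallback."""
    return "fingerprint" if verifier.verify(probe) else "fallback"

if __name__ == "__main__":
    v = IsolatedVerifier(ENROLLED)
    for name, probe in [("good", PROBE_GOOD), ("partial", PROBE_PARTIAL), ("other", PROBE_OTHER)]:
        print(name, round(match_score(probe, ENROLLED), 2), authenticate(v, probe))
```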

Examples