Skip to main content

Why you should think twice before using biometrics

In the last decade we have seen how advances in biometric technologies have made it possible to identify individuals with their fingerprint, voice, iris or even brainwaves with very low failure rates.


I have no doubt that biometrics (something you are) will eventually replace passwords (something you know), which can be easily forgotten, guessed or deciphered with dictionary attacks. It is a fact, we are not good at choosing robust passwords and we reuse them all the time.

Unfortunately, it is not uncommon to hear from considered secure cloud services urging their users to change their passwords after a cyberattack. It is very annoying, but a new password should solve the problem.

But what if your biometric information is stolenMost of cloud services protect it the same way they do with passwords, i.e., the information is encrypted and stored in their servers. If after a cyberattack your fingerprint is deciphered, it could be used in order to access any other online service, and you can't simply change your fingerprint. If it is stolen once, it is stolen forever.

So the next time you are required to sign in with biometrics, ask your self how will your information be processed and protected.

A way to tackle this problem is by using Zero Knowledge Proof protocol (ZKP), that eliminates the transmission, storage and exposure of private user data during authentication. This way, biometric information never leaves the device, it is never transmitted or stored, so it simply cannot be stolen if the server is compromised.


* Disclaimer: I am CTO of Sedicii, a leading company in user authentication solutions, which uses ZKP-based patented technologies.

Popular posts from this blog

How to disable cookies on Google Analytics so that you don't need a consent banner

The integration of Google Analytics into a website or blog is not GDPR-compliant by default . You must first obtain explicit consent of the end-users to store cookies, describing in your privacy policy how you intend to use collected personal data. This is the reason why most websites nowadays display an annoying (but necessary) consent banner. If you fail to do so or if you only ask for implicit consent, you are at risk of being fined. However, it is possible to disable cookies on Google Analytics (GA) respecting end-users privacy, so that you don't need to ask for consent. The downside is that you will not be able to distinguish the type of user (unique vs new vs returning) and you will miss some session insights. If these details are not relevant for you, here is how you do it. Disable Google Analytics cookies on a custom website If you have a custom website with full access to the source code, you can simply insert the script below between the <head>  and </head>...

How to convert a PWA into an Android app in 5 minutes

In early 2021 I developed a memory game called Kobadoo  as a PWA (Progressive Web App) using ReactJS. It works pretty well as a browser game and gets decent traffic, but I wanted to reach more potential users by making it available on the official mobile app marketplaces. Since I didn't want to spend any time coding a native app, the easiest solution I found was to convert the PWA into a TWA (Trusted Web Activities) app. It barely takes 5 minutes to do it. TWA essentially allows you to easily create an Android app ( .apk file) that displays a full-screen browser view of your PWA. The user experience is almost identical to a web app and the views from the TWA will count as traffic on your web app. This means that if you have ads on your PWA, they will still work (and generate revenue) from the TWA. Another advantage is that every update you make on the PWA will be immediately reflected on the TWA without the need to submit a new version on Google Play. Here's how I convert...

How to change a post thumbnail in Blogger

If you have ever published a post on Blogger with more than one image on it, you might know that the featured image  (also called post thumbnail ) that is displayed in your blog's landing page is always the first image in the post. Blogger does not provide an editor tool to change this thumbnail. However, there is a workaround that will enable you to set the image you want. Find the Image URL. You can do this by right-clicking on an image of your choice from your browser and selecting Copy image address . Note that it can be any image that is publicly available on the Internet, not only from your post. Changing your post HTML code. From Blogger editor tool, click on the pencil, then select HTML view . Add the following line at the very start of your HTML code: <img src=" https://www.example.com/image.png " style="display:none;"/> where the URL in red is the one you copied in step 1. Click on Publish . That's it! The chosen image will be displayed as ...