The biometrics discussion

Photo from International-Education-Biometrics.net

In my last post I shared an article about a smartphone that uses biometrics - iris-scanning - instead of a password. The other type of biometric device is fingerprint-scanners, which also claim to be safer than passwords. But how soon can we expect to stop using passwords? And are there any safety problems with biometric devices as well?

An article from the Guardian asks four experts: The Question: when will biometrics take over from passwords?

http://www.theguardian.com/technology/2015/may/14/iris-scanning-smartphone-fujitsu-ntt-docomo-passwords

The subtitle is: "It seems the perfect solution to all of us weary of passwords, but is it secure? Our expert panel argue the case for and against biometrics".

This was a good topic to introduce to my students, and the article had interesting language features as well.

First I gave the group the information about each member of the "expert panel," so they could consider to what extent their respective views would be valid.

Angela Sasse:
Professor at University Colleage London and Director of the UK Research Institute in Science of Cyber Security.

Ramesh Kesanupalli
Founder of Nok Nok Labs and Vice President of Fido Alliance, an industry body that seeks to standardize authentication  methods beyond passwords.

Dr. Steven Murdoch
Principal research fellow, University College London, and security architect at the Vasco Innovation Centre, Cambridge.

Starbug
Security researcher at Telekom Innovation Laboratories, Berlin. Starbug showed how to hack Apple's fingerprint sensor in 2013.

While all members of the panel agree that biometric devices are part of our future, they disagreed slightly as to how secure they are.

My students first identified the information from the text that pointed out the advantages of biometrics, and the disadvantages. This difference of opinion in the article provides useful language for stating opinion, comparison, and linking vocabulary related to those functions. In this way, this article's language features can be compared to those of the article in my last post.

Examples:

• Employers and service providers have started to realise this and are offering alternatives in the form of sensors and biometrics.
• Fingerprint biometrics have been available on mobile phones for a while, but the addition of Apple's Touch ID marks a point of no return in the second coming of biometrics.
• While some security experts may be concerned about the use of fingerprints on their own, for customers it is a welcome escape from the struggle with passwords ...
• However, for a considerable amount of time, passwords will still be there as a recovery process.
• You will see Fido not only addressing the business pain, but also addressing the user pain.
• There will not be any server-side global attacks possible if you deploy Fido.
• There is no single type of authenticating solution that is going to be number one in the market.
• Biometrics shows promise, but only as part of an authentication solution which optimises accuracy, privacy and convenience.
• And for most users it's better to use those features than weak or no passwords.
• But you have to keep in mind that biometric systems are not that much more secure than long passwords and if your biometric feature is stolen or lost you can't get a new one.

The language we focused on in class has helped to form a basis for phrases students are "collecting" for persuasive speeches and essays. In addition, the article itself provided a basis for an interesting discussion.