Biometrics for Increasing and Decreasing Security

"Air Force and DISA working to secure off-the-shelf phones with specialized cases" https://www.fedscoop.com/phone-cases-security-air-force-disa/

It could be a correct use of biometrics for increasing security if biometrics is used for continuously monitoring the user's voice and behaviors to detect when a bad guy has grabbed the logged-in device from the user.

Demand the user's password afresh, and the bad guy could be turned away as discussed here - "Anything used correctly is usefuland so are UV, disinfectant and biometrics."

It could be a wrong use of biometrics for decreasing security if biometrics is used as a second authenticator along with a default password as examined here - "Early models of smartphones were safer thannewer models - How come?"

Windows Hello for payment authentication would be fine if the objective is to increase convenience, not security – “Google Chromesupports “Windows Hello” face unlock and fingerprint for payment authentication”

-----------------------------------------------------------------------------

"Early models of smartphones were safer thannewer models - How come?"

Early iPhones only with PINCODE were safer than the newer iPhones with TouchID and FaceID added. The same observation applies to the newer models of all the smartphones, PCs and tablets that come with biometrics.

 The point is that even a perfectly hacking-proof biometrics could only provide the level of security lower than a PINCODE-only authentication when the biometrics is deployed in 'multi-entrance' method with a PINCODE as a default fallback measure against false rejection (false non-match).

 This is what a logical reasoning inevitably leads us to, as illustrated in the picture above and in this brief video.

 Biometrics might help security in physical space where there are competent managers who are ready to take care of falsely rejected people. But, in cyber space, the fallback measure against falsely rejection (an extra entrance) has to be provided by the falsely rejected people themselves.

The security effect of ‘multi-entrance’ deployment of 2 authenticators as against ‘multi-layer’ deployment is quantitatively examined in this article "Quantitative Examination of Multiple Authenticator Deployment"

 A huge amount of resources have been spent for a huge volume of biometrics products. We could say that the resources were well spent if all the users and consumers had knowingly adopted the biometrics solutions as a convenience-improving tool, not a security- enhancing solution. We doubt it is the case.

 Sharing our observation may well be enormously embarrassing and inconvenient for the people who had advocated, promoted, recommended and marketed the biometrics products as a security enhancing tool.

Opting to stay silent could be taken as opting to be complicit. We could be somewhat sympathetic in view of the collective pressure of the environment, but their children and grandchildren may be just unsympathetic. We would like to recommend them to come out and speak up sooner than later.