The accuracy of most biometric systems can be tuned by balancing two competing types of errors: false positives and false negatives. Let’s look at the case of fingerprints, although the basic idea is applicable to all other types as well. A false positive error occurs when a bad guy's fingerprint gets mistakenly matched to a good guy's fingerprint. A false negative error occurs when a good guy's fingerprint doesn't get recognized at all.
Since fingerprint scanning produces slightly different results each time, the system must be configured with a certain tolerance level. If the tolerance level is very loose, you can virtually eliminate false negatives at the cost of greatly increasing false positives. The system basically says, "Well, it sort of looks like a fingerprint - go on in." If the tolerance level is very strict, you get the opposite effect: "Your fingerprint is off by 0.00001 millimeters - no access for you!"
The accuracy rate is also heavily influenced by how many possible fingerprint matches the system has to consider. If the system has to match your scan against a large database of enrolled fingerprints (called a "one-to-many" match), it's far more likely to come up with a false positive ("hmmm, it kinda looks like user #7654231") and somewhat more likely to come up with a false negative ("it could be this guy or that guy, I better just punt"). Many modern systems avoid this problem by matching your fingerprint against only one possible user - the user stored in your card or other credential. The chances of a false positive are then very low, because someone trying to trick the system can't just match ‘anyone's’ fingerprint; they have to match ‘your’ fingerprint. Also, the match tolerance can be set very strict, thereby further reducing the chances of a false positive but increasing the chances of a false negative.
So you can virtually eliminate the false positives (and therefore the security risks associated with biometric access), but doesn't the relatively high false negative rate mean that legitimate users will be frequently locked out? Not necessarily; it depends on the penalty for getting a false negative. In most physical access and IT applications, if you get a false negative, you just have to scan your finger a second time, so a high false-negative rate is an inconvenience, not a security issue. Let's say it takes you 2 seconds to scan your finger and the false negative error rate is 5%. Most of the time (95%) you'll get access in two seconds. Most of the rest of the time you'll get in with two swipes and four seconds (99.75% of attempts succeed within two swipes). Every 400 tries or so, you'll have to wait six seconds.
In other words, for applications that don’t heavily penalize users for false negatives, biometric systems can usually be tuned to an acceptably high level of accuracy.
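The trade-offs described above, as an added example that is not part of the original article: it sweeps the match threshold over two score distributions, shows how a one-to-one false positive rate grows in a one-to-many search, and reproduces the retry figures. The match scores are constructed rather than measured, and scans and template comparisons are assumed to be independent.

```python
import random

def sample_scores(seed=1, n=5000):
    """Constructed match scores in [0, 1]; not measurements from a real sensor."""
    rng = random.Random(seed)
    clamp = lambda x: min(1.0, max(0.0, x))
    genuine = [clamp(rng.gauss(0.75, 0.10)) for _ in range(n)]   # same finger rescanned
    impostor = [clamp(rng.gauss(0.35, 0.10)) for _ in range(n)]  # someone else's finger
    return genuine, impostor

def error_rates(genuine, impostor, threshold):
    """(false negative rate, false positive rate) when score >= threshold is accepted."""
    fnr = sum(s < threshold for s in genuine) / len(genuine)
    fpr = sum(s >= threshold for s in impostor) / len(impostor)
    return fnr, fpr

def one_to_many_fpr(fpr, enrolled):
    """Chance an impostor scan matches at least one of `enrolled` templates
    (assumes each comparison is independent)."""
    return 1 - (1 - fpr) ** enrolled

def within_attempts(fnr, attempts):
    """Chance a legitimate user is accepted within `attempts` independent scans."""
    return 1 - fnr ** attempts

if __name__ == "__main__":
    genuine, impostor = sample_scores()
    print("threshold   FNR      FPR(1:1)  FPR(1:10000)")
    for t in (0.45, 0.55, 0.65, 0.75):  # loose tolerance -> strict tolerance
        fnr, fpr = error_rates(genuine, impostor, t)
        print(f"{t:9.2f}  {fnr:7.4f}  {fpr:8.4f}  {one_to_many_fpr(fpr, 10000):12.4f}")
    # The article's retry figures: 5% false negatives, 2 seconds per scan.
    for k in (1, 2, 3):
        print(f"accepted within {k} scan(s), {2 * k} s: {within_attempts(0.05, k):.6f}")
```

The same retry allowance applies to anyone at the reader, so a lockout or alert after a few failed scans keeps repeated attempts from raising the effective false positive rate.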
There’s always a catch
Unfortunately, for every type of biometric, there is a small number of people who simply cannot be identified by that method. A small minority of people have fingerprints that are very difficult to enroll. Certain serious diseases of the eye make eye recognition impossible. Some disabled individuals do not have the necessary use of their hands or voice to perform hand geometry or voice pattern matching. These natural limitations mean that biometric systems covering large populations, no matter how accurately tuned, must usually be installed with backup authentication methods.