Biometrics refers to the use of a physical or behavioral characteristic of an individual for authentication. It commonly uses fingerprints, voice, iris or the writing style of a person as the characteristic, and the major reason for using this type of security is protection against identity theft (Penny, 2002). Implementing biometrics requires an enrollment process in which a template (a sample of the biometric) is saved. This template is in turn compared to a live sample of the biometric, and whether the sample is accepted depends on a set acceptance threshold.
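The enrollment, comparison and threshold steps described above, as an added example that is not part of the original essay. Templates are modelled here as random bit vectors compared by normalised Hamming distance; the template size, noise rate, population and function names are all assumptions chosen for illustration.

```python
import random

TEMPLATE_BITS = 256  # assumed template size, for illustration only

def enroll(rng):
    """Enrollment: save a template (random bits stand in for extracted features)."""
    return [rng.getrandbits(1) for _ in range(TEMPLATE_BITS)]

def live_sample(template, noise, rng):
    """A fresh capture of the same trait: each bit flips with probability `noise`."""
    return [b ^ (rng.random() < noise) for b in template]

def distance(a, b):
    """Normalised Hamming distance: fraction of bits that differ."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def accept(template, sample, threshold):
    """Accept the live sample only if it is close enough to the saved template."""
    return distance(template, sample) <= threshold

def error_rates(threshold, users=40, attempts=10, noise=0.15, seed=1):
    """Return (false_reject_rate, false_accept_rate) over a constructed population."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    templates = [enroll(rng) for _ in range(users)]
    trials = false_reject = false_accept = 0
    for i, template in enumerate(templates):
        other = templates[(i + 1) % users]  # a different enrolled person
        for _ in range(attempts):
            trials += 1
            # Genuine attempt: the right person, noisy capture.
            false_reject += not accept(template, live_sample(template, noise, rng), threshold)
            # Impostor attempt: someone else's trait presented against this template.
            false_accept += accept(template, live_sample(other, noise, rng), threshold)
    return false_reject / trials, false_accept / trials

if __name__ == "__main__":
    # Sweep the acceptance threshold to show the trade-off it controls.
    for threshold in (0.05, 0.15, 0.30, 0.45, 0.70):
        frr, far = error_rates(threshold)
        print(f"threshold={threshold:.2f}  false rejects={frr:.2%}  false accepts={far:.2%}")
```

A threshold that is too strict locks out legitimate users, while one that is too loose accepts other people's samples; the setting in between is what the acceptance threshold has to find.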
Although biometrics may be one of the safest methods to prevent identity theft, since it relies on personal characteristics of the person being identified, it is not free from privacy issues. The Office of the Privacy Commissioner of Canada identified three privacy challenges with regard to the use of biometrics. The first privacy challenge is covert collection. Biometric data can easily be collected without the knowledge of the person. Fingerprints, for example, can be collected from anything a person has touched, while an iris scan can be collected even if a person is just walking. This violates the privacy principle of informing the person whose biometric information is being collected. The second privacy challenge is cross-matching. This is when a biometric characteristic of a person is used for something other than its original intended purpose and without the permission of the owner of the trait. The third challenge is secondary information. This occurs when a collected sample is used to get additional information about the person beyond the template itself. For example, an iris scan may reveal the health problems of an individual even if the main purpose of the template collection is biometric authentication (OPC, 2013).
Personally, I would recommend the use of a retina or an iris scan, since data are harder to get from these, since it needs a few seconds to collect the data. For a company, this would be a good way to replace password-based access control, since data cannot be faked and some time is needed to authenticate.
References:
Biometric Authentication: Which Method works best? Retrieved from http://www.technovelgy.com/ct/technology-article.asp?artnum=16
Office of the Privacy Commissioner of Canada (2013). Data at Your Fingertips: Biometrics and the Challenges to Privacy. Retrieved from http://www.priv.gc.ca/information/pub/gd_bio_201102_e.asp
Penny, Wayne (2002). Biometrics: A Double Edged Sword - Security and Privacy. Retrieved from http://www.sans.org/reading_room/whitepapers/authentication/biometrics-double-edged-sword-security-privacy_137
Prabhakar, Salil (2003). Biometric Recognition: Security and Privacy Concerns. Retrieved from http://www.cse.msu.edu/biometrics/Publications/GeneralBiometrics/PrabhakarPankantiJain_BiometricSecurityPrivacy_SPM03.pdf