If you have the latest Apple or Android smartphones, you can set up your phone to recognise your fingerprint, giving you extra security without any extra effort. But have you thought about how secure this technology is? Here is everything you need to know about fingerprint scanning.
The technology to capture, analyse and match fingerprints has been around for decades. Until recently, it was mostly seen in forensics, airports and high-security buildings. Now, it’s moved into a more personal realm, with many everyday devices like laptops, smartphones and tablets using fingerprint scanning as an alternative to the traditional password. These modern devices come with fingerprint scanning apps that allow you to add an extra layer of security with a simple touch – there is no risk of someone watching you enter your password or guessing it from the grease marks left on your screen.
Let us have a look at how fingerprint scanning works and how secure this technology is for everyday use.
How does fingerprint scanning work?
Fingerprint scanners work by capturing and analysing the unique patterns made by the ridges and valleys on your fingertips. There are several different types of scanning technology that can do this. The two most commonly used are:
Optical scanners: This type of scanner captures what is essentially a digital photograph, by shining a bright light over your fingerprint. In this sense, it works a lot like a typical computer scanner. A computer then analyses the image and uses sophisticated pattern matching to turn it into a code.
Capacitive scanners: This is a more sensitive method that uses electrical currents to map the shape of your fingerprint. While optical scanners look at the visual pattern of light and dark, capacitive scanners measure the depth between the ridges and valleys to build up a picture of your print. This image is converted to a code and becomes your template.
Smartphones often used capacitive scanners because these scanners require a real fingerprint shape, they are harder to fool than optical technology. Once your fingerprint is stored on your device, the scanner can then check any sample against it to provide authentication.
Could someone steal my fingerprint from my coffee cup?
We leave traces of our fingerprints everywhere – on door handles, coffee cups and practically everything we touch. Surely a savvy thief could lift a copy and use that to access our devices?
The short answer, most experts say, is it’s possible – but pretty unlikely.
While optical scanners may be possible to fool with a good photocopied image of your fingerprint, capacitive scanners are designed to look at the living layer of skin beneath the surface of your finger. That means they are much better at assessing if the print is attached to a real, living finger, rather than an artificial copy (or for that matter, a human finger severed from its body, if that’s something you’re worried about).
“Spoofing sensors, a concept often depicted by Hollywood, is much more difficult and expensive than the movies would lead one to believe,” says Covetek, a leading Australian biometrics provider.
“The extreme scientific effort and significant resources and expense required to try to defeat them means that our typical domestic and commercial users would have nothing to worry about.”
In other words, a very dedicated and experienced criminal could find ways around this – but unless you have government secrets on your phone, it’s not likely anyone would go to that much trouble.
Should I be worried about companies like Apple storing my fingerprint?
Another common fear is around how this personal data is stored and who could potentially access it. A massive fingerprint database on the Cloud would be a goldmine for hackers, but companies like Apple are smart enough to know this. The iPhone stores the data on your device itself, not on Apple’s servers, so you can feel pretty safe that your fingerprint won’t fall into the wrong hands.
Can I trust apps and websites that use fingerprint scanning?
Some companies are now making use of smartphone fingerprint scanning. For example, Australian banks, including Westpac, St George and the Bank of Melbourne, have all adopted fingerprint scanning on their mobile banking apps.
The idea of banks accessing your fingerprints – and this data floating around on the internet – might set off alarm bells, but it’s more secure than it sounds.
The actual authentication of your fingerprint happens only on your device. The bank or other company never sees or stores your fingerprint – they only get confirmation from your device that the two prints match.
This means your sensitive information never travels online, where it could potentially be stolen. It also means you can rest assured the website is not collecting your fingerprint and cannot link it to any other personal information they have about you.
As fingerprint scanners continue to become more advanced, it’s likely we’ll start to see more companies making use of this technology. MasterCard has even piloted credit cards with fingerprint technology, adding an extra layer of security to contactless payments.
However, some experts say other biometric technologies such as vein scanning, iris scanning or 3D fingerprint scanning may take over as more sophisticated options.