Biometrics is the supposed future of security, but the actual biology likely to wind up providing that protection is less assured than it may appear. Sure, fingerprint scanners are well on their way to proper ubiquity, but at the same time that technology is hardly airtight or even close. It didn’t take long, after all, before Germany’s Chaos Computer Club busted open the iPhone 5s’ vaunted TouchID system, a hack that, given the myriad conceptual and technical failings of fingerprint security, might have been as anticipated as the phone’s first jailbreak (the fingerprint hack and the 5s jailbreak actually happened within a day of each other in Sept. 2013).
Passwords by now should be as archaic as vacuum tubes, but here we are, dependent on awkward two-step verification systems for any semblance of proper security. One relatively recent suggestion involves the replacement of passwords with good old fashioned blood.
You may have already heard about Hitachi’s VeinID system, in which “near-infrared light is transmitted through the finger and partially absorbed by hemoglobin in the veins to capture a unique finger vein pattern profile, which is then matched with a pre-registered profile to verify individual identity,” according to the Hitachi sales pitch. While vein ID technology shares some of the failings of fingerprint recognition—a user is stuck with their veins and fingerprints for life, after all—but unlike prints, one doesn’t leave copies of their vein structures all over the place. Also unlike prints, vein recognition only works if the user is alive, as the signature disappears just as soon as blood-flow disappears.
According to the BBC (via Naked Security), British banking giant Barclays is the latest to adopt the VeinID technology, joining a pool of ATMs in Japan and Poland that allow users to withdraw money without needing a bank card or PIN, just the proper finger. The Barclays system, which provides access to online banking accounts and account functions, depends on a tennis ball-sized scanning unit and is so far limited to the bank’s business customers. “Any business adopting the technology can register several fingers from different members of staff, so one person can make a payment and another can approve it,” the BBC notes.
To be “the future,” vein recognition devices will have to get a lot smaller; fingerprint scanning is after all a relatively simple technology to integrate with consumer devices, security failings notwithstanding. The VeinID cube is, for now, unlikely to find itself welded to laptops or smart-phones, and so most of us remain condemned to the password-protected dark ages.