Home Android Biometrics are even less accurate than we thought

Biometrics are even less accurate than we thought


Biometrics is supposed to be one of the underpinnings of a modern authentication system. But many biometric implementations (whether that be fingerprint scanes or face recognition) can be wildly inaccurate, and the only universally positive thing to say about them is they’re better than nothing.

Also — and this may prove critical — the fact that biometrics are falsely seen as being very accurate may be sufficient to dissuade some fraud attempts. 

There are a variety of practical reasons biometrics don’t work well in the real world, and a recent post by a cybersecurity specialist at KnowBe4, a security awareness training vendor, adds a new layer of complexity to the biometrics issue.

Roger Grimes, a defense evangelist at KnowBe4, wrote on LinkedIn about the National Institute of Standards and Technology (NIST) evaluation ratings. As he explained: “Any biometric vendor or algorithm creator can submit their algorithm for review. NIST received 733 submissions for its fingerprint review and more than 450 submissions for its facial recognition reviews. NIST accuracy goals depend on the review and scenario being tested, but NIST is looking for an accuracy goal around 1:100,000, meaning one error per 100,000 tests.

“So far, none of the submitted candidates come anywhere close,” Grimes wrote, summarizing the NIST findings. “The best solutions have an error rate of 1.9%, meaning almost two mistakes for every 100 tests. That is a far cry from 1:100,000 and certainly nowhere close to the figures touted by most vendors. I have been involved in many biometric deployments at scale and we see far higher rates of errors — false positives or false negatives — than even what NIST is seeing in their best-case scenario lab condition testing. I routinely see errors at 1:500 or lower.”

Let that sink in a moment.

Copyright © 2022 IDG Communications, Inc.