Biometric authentication—the ability to unlock your devices by using just your face or fingerprint—is one of the few smartphone features that, even today, leave me feeling like we’re living in the future. When I was a kid, technology like facial recognition was limited to science fiction. But as cool and useful as biometric authentication is, the technology can also leave us vulnerable. Here’s why—and how to protect yourself.
It’s not just journalists and activists who can have their biometrics used against them
Last month, journalists got a stark reminder that their biometrics might not keep the data they have on their devices safe from law enforcement searches. While the Fourth Amendment usually protects an individual from having to turn over a PIN code or password for a device, courts have generally ruled that the same protection doesn’t apply to biometrics.
This means that in some cases, authorities can compel you to unlock your phone with your fingerprint or facial scan. It’s why many press freedom and civil liberty organizations have long advised journalists and activists to disable biometric authentication like facial recognition on their devices and return to requiring a passcode to unlock them.
But it’s not only journalists and activists who have to worry about their phones’ biometrics making them—and their data—vulnerable. A phone’s most convenient identity verification feature can leave any one of us exposed. There have been reports of people unlocking their partners’ phones using their biometrics while they were sleeping, as well as reports of criminal gangs forcing victims to unlock their phones with their biometrics to steal cryptocurrencies.
Of course, sometimes forced biometric unlocks are less nefarious. I’ve heard parents complain that their children have unlocked their phones by holding the device up to their face, or with a touch of their fingerprint, while they were sleeping, in order to disable software that restricts the internet in their house after certain hours.
If someone wants to gain access to your phone, and you happen to be physically available (unknowingly or not), all the person needs is access to your face or finger to do so.
Giving up convenience for more security
While biometric authentication is one of the most convenient features of today’s smartphones, the scenarios above exemplify how the technology can leave us at risk. However, if you are in a situation where you believe that your biometrics may leave you vulnerable, there are, thankfully, some easy steps you can take to mitigate this risk.
