Biometric Security & the Theft of 1.1 Million U.S. Fingerprints
19.7 million current, former and prospective employees. 1.8 million friends and family. 1.1 million fingerprints. The U.S. Office of Personnel Management (OPM) is set to go down in hacker history now that its recent cybersecurity breach is being called the largest ever in the United States. The director of the OPM, Katherine Archuleta, resigned last week after the final tally of affected users was released to the public. And, if you’re counting, the breach has now affected 1 in 15 Americans. So what does the largest hack in U.S. history mean for our personal security?
The unfolding story of the OPM hack has been complicated to say the least. In particular, the newest piece of information – that a massive amount of fingerprint data had been taken – reveals a worrying side to the rising trend of biometric security protection.
Biometrics: Safe and Sound?
The attackers lifted 1.1 million fingerprints from the OPM database, PC World reports. Media and experts seem to agree that this theft is one of the worst outcomes of the hack. Some prints were just ink on paper, some were high-resolution digital scans – all could prove to be very valuable to the thieves.
The futuristic, high-tech appeal of biometrics makes for some pretty interesting ideas for how the technology will change our lives. Using physical attributes like fingerprints or retina scans to secure sensitive information and devices seems to make sense – at first glance: We are unique, and so are our identifying features. We won’t need to remember a long string of characters and numbers. It’s a lot harder to steal a body part than a password or credit card number.
However, the OPM hack raises a lot of security questions about the new wave of biometric security. Every technological innovation comes with new risk. CNNMoney describes one potential threat of the government fingerprint theft as a “Mission Impossible-type scenario” where physical copies of stolen fingerprints are used to break into devices used by U.S. diplomats and important government personnel. The digital storage of high-resolution fingerprint scans means that hackers don’t need to guess a password or steal a body part. They just have to access the file.
CNNMoney also points to a new reality in which fingerprints, prized for the valuable goods they protect, end up being sold on a biometrics black market for stolen prints. As one cybersecurity expert explains in the article, you cannot get a new set of fingerprints if a breach were to occur. We say, you can always update your passwords. And if you use one unique password per account, the damage cannot spread far.
Finally, we see the lack of anonymity as a problem for biometrics. We created the SpeedyPassword Username and Password Generator because it is important to preserve your online privacy as much as possible. Certainly, when your personnel file is hacked, it doesn’t allow for much anonymity. (The U.S. OPM office has released statements that they are doing everything they can to prevent future attacks.) But, it does show just how vulnerable our society is to security risks. It should make us think twice about passing out our biometric information to every company that requests it for online accounts.
Passwords are still at the top of our list
As we wrote in an earlier article about the OPM breach and some other recent hack headlines, there are steps you can take to be a responsible password protector. Password protection remains our most solid defense against online security threats – if we take the right measures. SpeedyPassword generates strong passwords, then conceals and encodes them with military-grade AES technology – you can read more about the features here.
Above all, do your homework before approving and using any kind of new security technology. Find out what experts and current users think about the technology. Investigate any hacks or breaches that have occurred. It can be scary to think that we cannot control every aspect of our personal safety. However, there are steps we can take, like strong password practices, that will ensure we are not the weak link in the system.
July 15, 2015 / By: Leah