Biometric Myths and Legends

So I'll try to make it light, entertaining, entertaining as much as possible. 'cause we are talking about, you know, identities here at the end of the day. But I'll try to make it nice and entertaining and, and take you through some 15 minutes of a session about myths and legends around biometrics. And more specifically, what are the different misconceptions, right or wrong, actually, that prevents consumers from adopting more biometric solutions in, in, in different applications and environments.

So it's, it's going to be a little bit more consumer focused, hence sometimes some of the misunderstandings of the underlying technology that, for you will be very clear, but to the uneducated people will be a bit more difficult to understand. So about myself, I've been in the cybersecurity space and mostly in identity related roles in for more than 25 years. I'm currently president and chief revenue officer for fingerprints, a leader in biometric solutions. We have more than billion sensors around the world being used. You've never heard of us. 'cause the businesses we do is via OEMs.

So you'll find our solutions on Android phones and PCs. And I'm not here to sell you anything 'cause you cannot buy just a sensor from me. You'll have to buy from someone else. But you can find our solutions in the ES booth and in the ic o booth, their, their solutions for Fido tokens with the meta authentication, leverage our technology. I'm also the co-founder of Leading Cyber Ladies, a global movement that was formed in 2015 that aims at really improving diversity in the cybersecurity space. So let's start talking about biometrics. And I want to start also with an explanation of why now.

Biometrics is an important topic to talk about. We live in a period in which there is a complete proliferation of devices and services, cloud services. We talk about decentralized identities, zero trust as Ashish. I alluded to earlier, identity is the perimeter right now, especially when we deal with cloud environments. So our identity is now open way many more doors than before. And there is a need to build trust, trust that, that the identity that we deal with is the identity that we believe we deal with. Hence the need to have stronger authentication methods deployed.

So that's just to set up the scene a bit of why right now is a good moment to talk about biometrics and the need to build strong trust around identities in a zero trust environment. So some, some nice facts to share with you. The first murder investigation that led to a conviction with the help of fingerprints was in Argentina, 1892. If I'm not mistaken, two kids were found dead. It turned out it was the mom who killed them. She blamed the neighbor, but they did found a bloody fingerprint on the door.

They took the door as it was to the police station, then manually compared the fingerprints of the mom and the neighbor. And then she admitted. And that was the first non case of a murder investigation. That RESO was resolved and ended up with a conviction linked to biometrics and fingerprints.

So, you know, moving more than Almo, more than 150, almost 150 years into the future. Today biometrics are now widely used in multiple consumer applications.

We all, we all have it on our phones in different forms and modalities, mostly with fingerprints. We also have other methods of authentication, whether it's facial recognition, iris recognition is becoming a thing. We find them on our PCs. We mentioned the token, the phyto tokens and other tokens. You can now find a cryptocurrency wallets with fingerprint readers and biometric authentication in them.

And what's going to hit us very soon, and you can start seeing it in some countries in France and in Turkey right now are credit cards with biometric authentication that will basically replace the PIN code with a more, with a more secure, easy to use alternative. So that's really exciting and you'll start seeing them very soon. Something really interesting happened during c to the world of biometric authentication during covid, we didn't like touching things, right? So fingerprint wasn't always a good solution for biometric authentication during covid facial wasn't either.

'cause most of the time we were wearing masks. So what happened during Covid is that iris authentication suddenly became a thing.

And, and it's something that is starting to be kind of explored of different use cases. For example, operation rooms where doctors wear gloves and a mask. And that's probably the only way to recognize them. Construction sites. I'm going to talk more about Iris, but Iris really kind of got its moment of fame during covid.

And, and you'll start seeing that more and more as, as a more common means of authentication. It has also some other advantages. So let's start with talking about some myths and some of the misconceptions, some of the right conceptions that people have about biometrics. So one of the, one of the common beliefs is that some people just do not have fingerprints. What do you think? Right or wrong? Wrong. Anyone thinks it's true. Derma Remember it took me a while.

I, I i, if you were sitting seeing me sitting in the back of, how do I pronounce it? I was practicing.

How do, how do I say it? And I hope I said it right, Aderly, it's a genetic disorder, very rare, which basically prevent your body from developing fingerprints. And there is a, i I use a very valid source of information, very reliable called Wikipedia. And according to Wikipedia, there are five families in the world that are known to carry that gene.

And, and, and their family members tend to not develop fingerprints. So this is actually true, but very, very, very small number of individuals. And I bed all of you here in the room. Have you have two F You have two fingerprints. What?

Yeah, some people don't have fingers, some people don't have eyes either. They do have a face. Yeah. Good. Good point. It's a good point. Yeah. But I'm happy that you participate.

It's, you know, in compensation for the bad coffee upstairs, at least we get to myth number two. Biometric data is stored as images in easy to hack databases through. True. Right? Right. You're like, so first of all, two, two big arrows here.

One, it's not stored as images. We're talking about digital templates, not images. That you cannot just hack into it and grab photos of my fingerprint or my face or like, so it's not dig, it's digital templates, not images. And the easy to hack is also not very true.

Yes, hackable, if you have the right resources means money, funding talent to do it. Nothing is bulletproof in our world, but not easy to hack and not images. Physical change will prevent me from accessing my device. What do you think about that? True or false? Yes and no. Right? It's a yes and no answer.

So yes, our fingerprints do change a long time. Yes.

Our face, we all know. My doctor also knows my, our face changes a long time. But biometric solutions, biometric authentication solutions do have aging algorithms into them. And those changes we talked about, fingerprint changes, facial changes, they take a long time to happen. So that's enough time for Yes, that's another option. Cutting. Yeah. Or bruising or like Yes, but we're talking here about just natural turns.

It's not, yeah. But yes, that, that can happen.

But again, it takes a long time. But there's one method that is much more kind of stable and solid a long time, which is iris. Our iris hardly changes as we grow up and grow older. It stays pretty stable. And that's unlike the other two methods of fingerprints and facial that do change a long time slightly or on a over a long period of time. Iris tends to stay pretty much the same. Number four biometrics can be easily replicated to trick devices. How many of you heard about the gummy bear trick? Good.

So I, you know what, in the past probably yes that was the case. There were funny tricks that some naughty people could have done and really trick devices. This is no longer the case. Serious solutions do have anti spoofing mechanism into them or livelihood checks to carry on to make sure that the subject in front of them is alive and not a teddy bear or a gummy bear. So can biometrics be replicated? Yes. With funds, money, resources, talent, not easily. Right. So as we all know, nothing is bulletproof in our cyber exciting cyber world. It's not easily replicated.

It'll cost money, time, talent, resources. Looking very quickly into the future, I want to kind of talk about quantum computing for a moment. 'cause something big is going to hit us probably in the next few years. And that will make passwords pretty much obsolete. 'cause they will be a, they will be correct corrected in no time. And so there is an urgent need right now to work on quantum safe possibilities for authentication. Fido is doing a lot of research in this space of how can future authentication mechanism, passwordless authentication mechanism can be quantum safe.

Google is also making some important progress there. And I honestly think that this is going to be a very exciting era for US identity experts and specifically for the area of authentication and how quantum computing will really force us to kind of step forward and, and find better solutions for authentication. I'll pause here. Do we have time for questions? Yes. Okay. First of all, thank you very much. That was really entertaining and interesting. Thank you.

Thank, thank you for telling the world the truth about German coffee and of course about stuff. I come from Italy, so everything is inferior, right? So it's like, yeah.

Okay, so do we have questions? I have one myself, if I may. Sure. Go. So we've heard a lot about AI and geni, deep fakes and whatever. Do they also affect this, these types of biometrics, the fingerprints, the irises? Can they be faked? I think that, you know, it's in a way yes and no. 'cause it can be part of the problem and on the same time part of the solution, right? So can we rely on adversaries to leverage advanced technologies to come up with the nest year ways to attack us, of course. But the same technology is always available also to us.

The, the protecting side to find ways to deal with it. Sadly, it's usually day that come first with, you know, with attacks. And we are more on the reactive side. We find ways to, to handle that.

But it's, yes, it'll be part of the problem, also part of the solution on the same time. Okay. Ish. Do we have any online questions?

No, we don't have any online questions. Well, None. They want to drink coffee At home. Actually we have got one question just right now.

Oh, if my password got preached, I can change it. How does it work with biometrics? Okay.

As I said, it's even if, at least for now, even if a database is hacked, usually the data that is stored there will not be images of, of biometric data. It'll be digital templates. And so it's, it's not the same case of password being breached and a and a biometric digital template being breached. It's not the same case. I guess it's more like stealing the hash of a password. Exactly. Fingerprint, That's true. Yeah. Fingerprint over a fingerprint. Yeah. Well thanks a lot. If you have no more questions for hia, well again, please. Another round of applause. That was really great.