Science Sunday: Biometric Security and the Impermanence of Fingerprints
Recently, on my spring break (which now that I am not a student, I can take) I met a delightful older nurse who told me many fun stories about patients with bubonic plague and ebola. That’s not important. The important thing was that she also told me that at the clinic where she works, there is an atm-like drug dispenser that nurses must enter a passcode and have their fingerprints scanned in order to get pharmaceuticals for their patients. This sounds reasonable to me, two-factor authentication is great. Particularly given the problems with passwords. The problem here, that I would never have thought of, being that older nurses have no fingerprints. They have spent so much of their lives washing their hands in a rigorous manner that their fingerprints go away.
This would never have occurred to me. Granted security isn’t actually my field, so while I know the basics, am friends with security researchers, read Bruce Schneier, and have seen the Mythbusters episode in which Jaime and Adam break into a computer using a laser printer printed fingerprint image, I’ve never put too much thought into biometric security systems. It’s possible the people that make them are well aware that fingerprints don’t necessarily last, or maybe they are like me and just blithely assumed that fingerprints are the same yesterday, today and forever. Given that fingerprint verification is being used for nurses who are likely to have these problems, I would guess the latter.
Now that I think about it, I wonder about some of the women in Tanzania. When my host family was trying to teach me to cook in a Tanzanian way, which does not include hotpads, I was told that my hands needed to be friends with the fire, so I could just pick hot pans off the fire without a problem. The Tanzanian women can do this (though to be fair, some women use thin rags or newspapers, just not the house girls who worked for my host family); I collected burns. Do Tanzanian women still have fingerprints that will register on a scanner, or are their finger pads too calloused/burnt?
I’m also wondering about the usefulness of retinal scanners. According to Wikipedia (yes, I know, it’s Wikipedia and should never be used for real research, but it’s a place to start when I have no idea what I’m looking for on a subject.) retinal patterns can change because of diabetes, glaucoma, and some degenerative diseases, but for most people are unlikely to change over a lifetime. I do know visual problems are a common symptom of concussions, and after I had one in a swing dance accident I had trouble seeing to the left for a few days, but I honestly have no idea if that’s damage to the retina or something else.
The point is, two-factor authentication is good, and being used more commonly, as it should be. However, security types need to remember that the body is changeable, and maybe rethink some biometric authentication methods.
Featured image from Wikipedia commons.