Biometric authentication uses fingerprints, voice recognition, iris scanning, and/or face recognition to unlock your smart devices without hassle. In the past, the only way to lock and unlock your smartphone was by entering a passcode. Unfortunately, many people would forget their codes and end up locked out of their phones. In other cases, the password, which often consisted of four digits, could be figured out by someone else. 

The advantage of biometric security is the simple fact that you can forget your password but not your fingerprints. Biometric authentication adds a more secure way to keep your smartphone or tablet’s confidential data safe. 

It's not only safer but also more convenient. You can use voice recognition to ask Siri for directions or Google Assistant to send someone an email. Plus, looking at your phone screen to unlock it is much easier than having to type in a passcode. If you've ever had to remove your glove on a cold winter day to type in your phone's password, the convenience of unlocking your phone by holding your phone up to your face is obvious.

With more than 1.5 billion users predicted to rely on biometric authentication for security and mobile payments by 2023, is biometric technology ready to secure that level of personal data? Will biometric security be safe enough to fully replace passwords in the future? Here’s more on what you need to know about smartphone security and how effective biometric authentication may be.

How is biometric data stored?

For biometric authentication to work, your identifying information, such as your voice, fingerprint, or face, is scanned, recorded, and saved on your smartphone. The saved information works as a template. The next time you attempt to access your phone, the software compares your current input with the existing stored biometric data.

To capture your biometric data, your connectable device walks you through a series of actions. To enable fingerprint recognition, you’ll be required to place your finger on the touchscreen or home button in several positions as the device scans your finger. For voice recognition, you’ll be asked to repeat a series of statements for the software to record nuances in your voice. As for facial ID, you’ll be required to record several angles of your face.

Who has access to my biometric data?

As explained, the captured biometric data is stored on any smart device, including wearable tech. A template is created and encrypted while the original captures are destroyed. 

Only you have access to your biometric data, although technically, only your phone’s software has access to the data. Unless you’re a programmer or engineer, finding the location of your biometric data on your phone would be difficult. You don’t have to worry about your phone’s biometric data being uploaded to the cloud or transferred through a  high-speed internet connection to a server; not even phone manufacturers have access to your personal, identifying information.

Although this sounds safe enough, it’s important to limit who uses your phone, so others are unable to access your personal data.

Can biometric data be hacked?

Any collection of data can be hacked if someone is motivated enough. However, it's difficult to hack biometric data. Consider how many scans it takes for your phone to capture your data. A hacker would have to make multiple scans of your voice, fingerprints, or face to access your device. The amount of time and effort it would take would likely put off most hackers.

Both Xiaomi and iPhone have made biometric authentication even harder to hack by adding infrared facial scanning. Even if a hacker has a clear and detailed photo image of your face, it wouldn’t get past infrared technology, which creates a 3D scan of your face.

Emerging policies on biometric data.

There are no federal laws protecting biometric data — however, some states have established data protection legislation.

Biometric Information Privacy Act.

The Biometric Information Privacy Act was enacted in Illinois in 2008. It sets guidelines for companies collecting biometric data, including needing informed consent to collect the information, and limits companies from profiting from the collected data. BIPA violation damages can cost up to $1,000 for a negligent violation and up to $5,000 for each reckless or deliberate one. 

California Consumer Privacy Act.

California joined Illinois in protecting the public from biometric data abuse. Employers are prohibited from sharing the data from third parties, but limits enforcement to companies that meet one or more of the following conditions:

- Have over $25 million per year in gross revenue;

- Make at least half of the company’s annual revenue from selling the personal data of consumers;

- Manage personal information for more than 50,000 devices, homes, or individuals.

How to protect your biometric data.

It’s important to safeguard your biometric data to keep your smartphone data secure. You may be able to change your password if compromised, but you can’t change your fingerprints. There are a couple of steps you can take to protect your personal data. 

Enable two-factor authentication.

Biometrics are difficult to hack but you shouldn’t solely rely on the authentication form to protect your device. Enabling two-factor authentication adds an extra layer of strong security. 

Known as 2FA, it works by asking for a second form of verification after you log in. For example, you may log in to an account or your device using Face ID. If you try to access a banking app, you'll be required to enter a temporary ID code, which will be emailed or texted to you. You normally have just a few minutes to enter the temporary ID to gain access.

Update your software.

Software updates do more than introduce new software and functionality on your smartphone. Companies are always at work to ensure devices are protected from viruses and malware vulnerabilities. Keeping your phone’s software up-to-date can help ensure your device and its systems, including biometric security, are protected against the latest threats. 

The above content is provided for information purposes only. All information included herein is subject to change without notice. Verizon is not responsible for any direct or indirect damages, arising from or related to use of or reliance on the above content.