Biometric Data: Definition and Security Concerns


What is biometric data? It is information about who you are, not what you know.

Chances are, you’ve used a system like this before. More than 60 percent of companies use some kind of biometric data to protect their assets. If you’ve ever used your fingerprint to open your phone or you’ve looked into a camera to unlock a door, you’ve tapped into biometrics.

What is biometric data?

When companies agree to use biometric information, they tend to collect one of two different types of data. 

Physical biometric data includes:

  • Facial structure. Cameras capture the pattern of your face, including eye and lip size and shape. 
  • Eye appearance. Cameras capture the size and pattern of the iris.
  • Fingerprints. Computers assess the patterns on one or several fingers. Scanners can be large enough to accept a palm or small enough to fit on a smartphone. 
  • Voices. Microphones measure your voice's sound waves. 
  • DNA. Samples of your hair, blood, or saliva move through computers for analysis. 

Behavior-based biometric data includes:

  • Typing. Keyboards measure your speed, accuracy, or strength. 
  • Physical movements. Cameras can capture how you walk or gesture. 
  • Digital movements. Devices measure how quickly you move your mouse or how hard you touch a screen. 
  • Digital patterns. Computers can measure when you’re typically online, the websites you open first, or the things you say online. 

Notice that biometric data doesn’t necessarily have to do with the way you look, your culture, or your gender. Instead, think of these measurements as unique data identifiers computers can use to distinguish between people.

What is a biometrics system?

Companies must do more than simply gather biometric data. They must also analyze the information and make decisions based on it. Enter biometrics systems. 

Typically, these systems consist of:

  • Collection devices. Scanners, microphones, or cameras gather biometric data. 
  • Storage. You sit for a master recording (so the computer knows how to identify you), and that information is saved. 
  • Software. A computer interface connects the device to the storage. 

In a typical deployment, you'll offer some kind of biometric data. The collection device sends that information to the software, which compares it with the master recording held in storage. If there's a match, your access is granted. 
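The enroll, store, and compare flow described above, as an added example that is not Okta's code or any vendor's implementation. It assumes a template is a 64-bit string and that a "match" means the sample differs from the master recording in at most a set fraction of bits, because a fresh scan never reproduces the master bit for bit; the names, threshold, and sample values are all constructed for illustration.

```python
from dataclasses import dataclass, field

TEMPLATE_BITS = 64       # assumed template size; real templates are far larger
MATCH_THRESHOLD = 0.25   # assumed: largest fraction of differing bits still accepted

# Constructed sample data, not real biometric templates.
MASTER = 0xA5A5F00D12345678                    # master recording taken at enrollment
NOISY_SAMPLE = MASTER ^ 0b10110001             # same person, 4 bits of sensor noise
OTHER_PERSON = MASTER ^ 0xFFFFFFFF00000000     # different person, 32 bits differ


def hamming_fraction(a: int, b: int) -> float:
    """Fraction of template bits that differ between two captures."""
    mask = (1 << TEMPLATE_BITS) - 1
    return bin((a ^ b) & mask).count("1") / TEMPLATE_BITS


@dataclass
class BiometricSystem:
    storage: dict = field(default_factory=dict)   # user id -> master recording

    def enroll(self, user: str, master: int) -> None:
        self.storage[user] = master

    def verify(self, user: str, sample: int) -> bool:
        master = self.storage.get(user)
        if master is None:            # nobody enrolled under this id: deny
            return False
        return hamming_fraction(master, sample) <= MATCH_THRESHOLD


def demo() -> dict:
    system = BiometricSystem()
    system.enroll("alice", MASTER)
    return {
        "exact_equality": NOISY_SAMPLE == MASTER,
        "same_person": system.verify("alice", NOISY_SAMPLE),
        "other_person": system.verify("alice", OTHER_PERSON),
        "not_enrolled": system.verify("bob", MASTER),
    }


if __name__ == "__main__":
    print(demo())
```

Because the comparison is a similarity test rather than an equality test, the stored master recording has to be usable for comparison, which is why the storage component is the part that most needs protecting.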

Systems like this are used in some law enforcement agencies. They might take fingerprints at a crime scene, and they might ask suspects to offer comparison prints for a match.

But plenty of private companies, such as Apple, also take this data. Apple’s developers say using biometric data makes information secure. While hackers can guess a password, no one can guess a fingerprint or iris scan. 

Who will protect your biometric data?

If a hacker steals your password, you can replace it. But what happens when someone steals your fingerprint or your DNA? Your exposure is permanent and irreparable. 

Unfortunately, biometric data can be stolen. In fact, researchers proved that when they hacked into a database of more than 27 billion fingerprints and face scans. 

Some states, including Illinois, offer legal protections. If your data is stolen, you can go after the company that exposed it and ask for reparations. Other states, including Texas and Washington, have similar laws on the books, and other states are looking into the idea. 

But until we have sweeping laws, consumers must be careful. That's not always easy. If you use your fingerprint to unlock your phone hundreds of times per day, it's easy to forget the real risks and challenges of sharing your biometric data. 

But unless you are sure your data is protected, it's wise to be cautious. You can:

  • Limit. Think carefully before you allow companies like Apple or Facebook to store your biometric data. Opt out if you're unsure. 
  • Update. Keep your operating systems and security scanners up-to-date on any device that stores biometrics. 
  • Monitor. Watch bank accounts and other secure data sources carefully. If you spot unusual activity, act as quickly as you can. 

If you're looking for more information on biometrics and security, check out this blog post.
