The Rise of Biometric Security and the “Ultra-Hack”
Ashley Madison's data breach was nothing compared to what could happen if hackers steal identities rather than information.

This article was written by Hector Hoyos who is the founder and CEO at Hoyos Labs, one of the leading innovative biometrics, authentication and identification technology companies. He has been in the biometrics and IT fields since the mid-1980s as the founder and president of various cutting-edge companies.
Join the iFX EXPO Asia and discover your gateway to the Asian Markets
Until now, most cyberattacks have been relatively benign. This may seem counterintuitive, as data breaches have cost companies more than $400 billion, embarrassment and credibility – and affected millions of unsuspecting individuals, who spent countless hours correcting the consequences.
What the hackers stole from Target, Sony, Ashley Madison and eBay were names, passwords and credit card details – all of which are ultimately amendable. Yet, as new biometric technologies (i.e. scanning fingerprints, face or voice recognition) are introduced and become a more widely adopted method of authentication, this could put us closer to the precipice of the “ultra-hack.”
Biometric security has significant advantages over all other forms of identification, authentication and verification
The ultra-hack is the single most dangerous and irrevocable case of identity theft, and the point of no return for cyber security.
End to End Protection
If a malware attack can cost billions of dollars to resolve for an institution, consider the consequences when complex biometric data is compromised. People cannot change their fingerprints or faces like they can with compromised passwords or logins.
There is no question, though, that biometric security has significant advantages over all other forms of identification, authentication and verification. It’s fast and easy to use; it doesn’t need a

token or fob. And unlike a login or password, which requires memorization and is easily replicable, an individual’s fingerprints, irises, facial constructs and other biological traits should be impossible to duplicate.
Suggested articles
Stocks to Watch This Week – Expedia Group, IncGo to article >>
However, companies need end-to-end security frameworks that encrypt and protect biometric information to ensure the proper level of authentication and verification – limiting access to either data or a location.
After all, the threats to data are everywhere. For instance, people believe that, because their mobile phone is physically in their hands, the data inside is safe. To the contrary, thieves can install malware into a mobile phone without direct access. Data breaches have been similarly achieved through email, apps and even the interception of a Wi-Fi connection.
Leading security metric?
Standards also matter when dealing with biometrics. Without having proper standardization in place to clearly secure and authenticate someone’s identity in a comprehensive manner, information is left open to attack.
Consider the origins of Underwriter Laboratories: at the onset of the electrical revolution, Underwriter Laboratories was founded to test and certify the safety of any electrical device. Now, the company’s seal is ubiquitous – located on electronics around the world, assuring that a device won’t burst into flames when plugged into an outlet.
Today’s consumers are at the mercy of the companies they give their biometrics to
For biometrics, the Institute of Electrical and Electronics Engineers (IEEE) has adopted the Biometric Open Protocol Standard (BOPS) as the open source standard for biometric authentication from a mobile phone or computer. Companies can adopt technologies that allow people to safely and effectively authenticate a variety of transactions – from electronic payments and contactless ATM machines – without usernames and passwords.
In the coming years, biometrics have the potential to be the leading security metric, but a single ultra-hack could derail this progression permanently. Today’s consumers are at the mercy of the companies they give their biometrics to, and enterprises must recognize the importance of protecting biometric data.
Don’t underestimate the danger of the millions of fingerprint records that
got stolen in the OPM (US government employee database) hack last year.
Enjoyed learning how to protect myself from all the hackers.
Yes, that is why it is imperative for the biometric template to be protected and if it is stored locally (on the device) in encrypted form it is less likely to be stolen – and only isolated templates will find their way to the bad guys. This is not as easy as it sounds and a locally encrypted template might imply the entry of a PIN to tie both the user and the device to the transaction. Using both PIN and biometric sample in this manner, with both to pass, is much more secure than a biometric sample alone, since… Read more »
I believe this fear is overstated. What will be kept securely should not be the biometric parameters themselves, but a hash of a set of these parameters.
It would not be complex to authenticate with a hash of the above set and a hash of of a private key that can be changed any time.