Biometrics Pros and Cons For Electronic Access Control

By: Brian Rhodes, Published on Jun 26, 2017

Biometrics has been long sought as an alternative to the security risks of cards, pins and passwords. While biometrics has improved somewhat over the past decade and has some clear advantages, other problems or limitations remain. In this post, we compare the key pros and cons of biometrics.

The Pros

Advantages of biometrics have key value is some access applications. While manufacturer marketing often blurs the claims and overstate the advantages, biometrics can offer:

  • Credentials Always Available
  • User Identity Verification
  • High Credential Validity
  • Tough Against Passback

The Cons

On the other hand, there are operational weaknesses or risks that are not commonly realized before deployment. Some of those are:

  • User Unwillingness & Distrust
  • User Biometric Incompatibility
  • User Removal of Clothing
  • User Positioning
  • Injuries & Biometric Stability
  • Lengthy Authentication Cycletimes
  • No More Picture IDs
  • Myth: Biometrics Are Distinctive

Inside, we explain and examine each one.

********** *** **** **** sought ** ** *********** to *** ******** ***** of *****, **** *** passwords. ***** ********** *** improved ******** **** *** past ****** *** *** some ***** **********, ***** problems ** *********** ******. In **** ****, ** compare *** *** **** and **** ** **********.

The ****

********** ** ********** **** key ***** ** **** access ************. ***** ************ marketing ***** ***** *** claims *** ********* *** advantages, ********** *** *****:

  • *********** ****** *********
  • **** ******** ************
  • **** ********** ********
  • ***** ******* ********

The ****

** *** ***** ****, there *** *********** ********** or ***** **** *** not ******** ******** ****** deployment. **** ** ***** are:

  • **** ************* & ********
  • **** ********* ***************
  • **** ******* ** ********
  • **** ***********
  • ******** & ********* *********
  • ******* ************** **********
  • ** **** ******* ***
  • ****: ********** *** ***********

******, ** ******* *** examine **** ***.

[***************]

Biometrics ** **** **** ************

*** ** *** ************ misconceptions **** ********** ** the ***** ****** ** technologies **** *** ********** assumed ** ****** *** same ******* ********* *** weaknesses.

** ***** *** **** common ********* **** ** our*********** *** ****** ***********, *** ***** ****** but ******** ************ *******:

  • **** ******: *** ***** layers ** **** **** a ******** ********* ** a ******* ****** ** fingers.
  • ******/ **** *****: ****** than **** *** ***** layers ** ****, ***** sensors ***** *** ***** layer ** *********** **** under ****** ** ****. These ***** ***** *** patterned ** * ****** way, *** *** ****** tissue ** **** ***** to ******* ****** ** contaminants.
  • ****/******: **** **** ** reader ***** ** ***** of *** ****** ** user ****. **** ****** and ******* *** ** used ** *********** ***********.
  • **** ***********: ****** ** image ** * **** and ********* *** **** and ********* ******* ****, nose, *****, *** ***** identifying ******** **** **** accuracy *** ********* ** becoming **** ******.

*** ***** *** * myriad ** ****** ****, but ***** '**** ******' biometric *****. *** ****, catch *********** **************.

Biometric ********

** *** ******** *****, we **** * **** at **** ********** ** biometrics. ***** ********** ******* and ******* *** ***** distinct **** ******** ** others, ********** ** * general ******* ***** **** or ******** *** **** of ***** ********** *****:

Credentials ****** *********

**** **********, *** **** themselves *** *** **********, and ********** * *** or ****** * ***** is ****** *** * risk. ******* ************* ******** are ****** **** ** verify *****, ********* *********** are ********* **** ****** and ***** ******** ********** management ** *********** ***, cards, *** ***** **** can ** ********* ** forgotten.

User ******** ************

******* ***** ****** **** or **** *********** *** others ** ******, ********** are ****** ** ******* users *** ************ **********. Just ** ***** *** share ***** ** ****, they ****** **** ** fingerprints ** ******, ********** the ********** **** **** authorized ***** *** ******** an ****.

High ********** ********

****** ****** ********** ***** vulnerable ** ******* ** spoofing ******* ****** (**** **** ****** ******* With **** $** *** 125kHz **** ******), ********** ********* ******** the *******. ***** ******* like *** **** ***** cannot ** **** ** copy **********:

***** '*******' *** ***-******* biometrics ****** *** ** vulnerable ** ***-***** ******, the ***** **** ** access ********* ****** *** or ******* ****** ********** ******************* ** ***** ********* technology **** ***.

Tough ******* ********

********** *********** ********* *** risk ** ********** ******* as ***** ****** ****** hand *** ***** ********* identifiers ** ******* ** coworkers. ** ******* ** our*** ******** ***********, *** ******* ** not ****** ****** **** other ********** ******* *** often ******** ******** ****** configuration ** ****. ********** often *** **** ********* to ********* *** *** less ******* ** *********.

Biometric **********

*******, ***** ********** *** solve **** ********, **** amplify ** ****** ******. In *** ******** *****, we ****** ***** ****** issues **** *** ** showstopping ******** ** *** recognized **********:

User ************* & ********

*** *** ***** *** comfortable *** ******* ** have ********* ****** **** as **************. * ****** of ********, *********, *********, or ******* **** ** trust ** *** ********** agency ** ********** ** use *** ******* ********* information *** ** * factor.

********* ** '*** **********' in ********** *** ** identify ******** ** *** common ****** ** ****** that ***** ******* **** private ******* ** ****. The ***** ***** ** from ******* ******** ** *******:

User ********* ***************

***** ******, *** *** users *** ****** ******* or **** ************ ******** of *** ******** ********* trait **** ** ****** identity. **** ***** *** lack *** ******** ******* outright, ***** ****** *** experience * '*********' **** of ******* *** ** injury ** *********. **** a ********* ** ****** as ************ ****** **** all ***** **** *******, healthy ******* ** ************ on, *** ***** ******* of *********** **** ** provided *** **** **** do ***. **** ********* results ** ***** ******** credential ******* **********.

User ******* ** ********

******* *** ********* *** biometrics ** *** ********** the *********** ** ******** they *** **** **** experience ** **** ********* in *** ********* ***** being ********. **** ** often *** *** ****, as ********* ** ****** as ***** ******* ****** in **** ******* *** be * ***** ****** to ****** *** ************, or ********** *** ****/****** scanners, ** **** ** rain, *** ** **.

User ***********

*** *** ********** *** suitable *** *** ** every *********, *** *** often **** ******** **** 'traditional' ****, *****, ** PINs. *** *******, ******* fingerprints ***** ***** *** seated ** ******** ** highly *********** *** ** the ******** ******** *** hand *********** ******, ***** simply ******** * *********** card ** **** ******.

********* ************** ****, *** *** Access ********** ** ********* ** adapt *** *** *****, especially ***** *** **** mobility ** ********** ******.

Injuries & ********* *********

******* ******* ** * biometric ***** *** ** shortsighted *** ******** *******, when ************* ******* *** to ***** ** ****** are ******. *** *******, collagen ********** *** ******* degrade **** ****, ** even '******' ******** **** fingerprints ****** **** *** course ** *****, *** sometimes **** ********* ** become ********** ** ****. Other ******* **** *** mobility, **** ********, ** even ****** ********** *** change **** ****. **** enrollment ** ********* ******** is ***** * *********, if *** ******, ****.

Lengthy ************** **********

***** ****** * ***** or ******** ** * PIN *** **** *******, properly *********** * ********* can **** **** ******, even * ****** ** longer ** ******* *** needed. *** ****-****** *********, multiple **** ****** ******** can ****** ******** ** users *** ****, *** a ********* ****** **** fingerprints *** ****** * fraction ** *** ****** total ** ***** **** must ******* * ******** digit ** * ******** way ***** ****.

No **** ******* ***

*******, *** ****** *** typically ******** ** ***** other ** ******* *** given ** ** ******** biometrics. ***** **** ***** picture ** ******** *** often ******* ** *** same **** ** * contactless **** *** **** subsequently ******* ****** **** necks ** ******** *** quick ****** **************, **** media ** ********* **** adopting ********** *** **** be *********** ********.

Myth: ********** *** ***********

*** ** *** ******* errors ***** **** **** adopting ********** ** ******** all ***** **** ** enrolled ******** *** ** one **** ** ******** for ******* ****. **** often ******* ** ********* surprises, ******* *** ********* is **** ** '******' as *** ****** ** sampling ****** ********* *** used.

*** *******, ***** * fingerprint ** **** *** indeed ** ******, ** make **** ****** ** more **** ******** ****** before ** ** ********** as '********' ** * database. ***** ***** *** have ******* ********* **********, with *** **** ******** between ******** ** ******* (but *** *****) ******** traits, ********** ** ***** user *********.

** **** *****, *** 'confidence ********' ** ******* biometric ******** ** ****** requires *********** *** ****** or ****** ** ***** more **** ********** ****. The ********* **** **** can ******* ****** **** efficiency *** **** **** user ******* ******* ******* an *******, *** **** gather **** *********** ***** the ****, ********** *** 'distinctiveness' ** *** ********* credential.

Comments (11)

We have a few customers that use biometrics but most of them don't. Two reasons typically are cost of the system for biometrics depending on the solution and also the inconvenience. Typically we only suggest for high secure areas like server rooms and pharmacies. One solution we have deployed that works flawlessly though is StoneLock. Although it is fairly expensive per door it works really well. The enrollment time is less than 30 seconds and their rejection rate is almost non-existent and you don't have to put your finger or palm on a device.

Biometrics are a very long .... but very static password that you either leave behind on coffee cups or have on full display almost all the time. At best it is "something you are". Good security will want you to add "Something you know" and "Something you have".

Have a great day.

I followed the link above on Fingerprints for Access Control and the issue of unreadable prints is mentioned but some negative considerations need to be spoken to a bit more.

I have experience working for an AFIS Automated Fingerprint Identification System provider. Capturing fingerprints electronically for submission to an identification authority.

Big issue is that globally anywhere from 2 to 5 % of your population have fingerprints that are are highly difficult to scan.

Factors are:

Age - Older population the ridges are no longer as pronounced as they used to be. In Florida for example, persons wishing to volunteer to work with children must pass a background identification check including prints. Having a fairly large base of retired persons who are eager to volunteer their time, when it comes to electronically capturing the fingerprints the yield of successful captures is quite low. One of the tricks of the trade is to use "Huskers Oil" on the hands to help plump up the ridges, which helps but the yields are still low.

For this population segment the reject rate is quite high.

Occupation - Persons who work with their hands and handle coarse or caustic material will also have low read rates.

Included here are the individuals who does home improvement work and really roughs up their hands

Tellers - Secretaries - Accountants - persons handling money or paper frequently may also have unreadable prints.

Injury - Cuts - amputations - etc...

Point is, depending upon the mix of your population, using Fingerprints for a single factor identification may be quite challenging.

I'll state up front that I work for a biometric provider.

I'll also note that there certainly are some fingerprints that are difficult to read. For example, years ago I attended an IAI presentation by Gary Bender in which he noted a technical challenge that one provider faced: the fingerprint readers were located near the doors of grocery stores in the Midwest, and the people who used the service tended to be older. The combination of cold temperatures and elderly fingerprints made reading particularly difficult. And in this case, unlike a background check, the fingerprints were being captured on a regular basis. Technology has improved since then, but you're never going to get 100.00000% capture rates.

One potential solution (among several) to the issue of unusable fingerprints is to capture multiple biometrics - if there is difficulty in capturing one biometric, another may be used. Of course, that increases the cost of the system.

(snarky quick version)

A biometrics system that turns around and spits out a 26 bit wiegand value into a panel is not necessarily secure. It can be spoofed. the biometrics subsystem likely has a cloned out of date poorly secured copy of your cardholder database. Integration with your PACS is probably janky and rev-locks you 1-3 versions back.

(longer convergence engineering version)

Embarassing questions for biometrics vendors:

Can they answer the "tell me about your science" question.

Is their copy of the cardholder data secured.

Is the interaction with the network secured (usually there's an ethernet cable along with the janky 26 bit wiegand wire.)

Can your PACS handle multiple vendors and/or multiple technologies.

Do the use (do they even know of) relevant standards. See if they know what CBEFF is. Or OSDP biometrics. Or Mifare Plus/DESFire.

Do they have any collateral credential format limitations (like the units that require an integrated card reader and only do Prox...)

I am looking for a biometric reader which is not connected to the network, for network security reasons.

Happy to get some recommendations.

Hello Gabriel:

Can the reader be temporarily networked during enrollment, but not operation? (The majority of time?) The reason I bring this up is because when a new user is enrolled, pushing the new template to all readers is easier/quicker than enrolling in each reader separately.

For the question, there are many examples of readers that operate in 'standalone' (not networked) mode. Brands like ZKAccess/ZKTeco, Suprema, or Morpho all have units that do not need to be ethernet networked to operate, and can connect to a standard access control system controller via Wiegand, or in some cases OSDP.

Take a look if those help. If you have other questions, please ask!

Hi Brian,

Thanks for the info.

The reader will placed quite far from the enrollment center, so enrolling at the reader itself is not an option, but i still can't use network connectivity.

is there another solution? what about storing the template at the card side?

Got it. The common method/term used when storing the template on the card is called 'verification mode', or 1:1 or similar.

This mode essentially stores the biometric template on the smartcard (iClass or similar), and when the card is scanned, the biometric template is transferred to the reader along with the card number details.

In order for the card number details to be sent by the reader to the system, the biometric (fingerprint) scan has to match the template stored on the card. If the reader cannot verify the user as the one the card issued to, the reader does not send card details and the door remains locked.

I'll need to investigate specific models that support this type of 'verification mode' some store it in the reader first, but it is not difficult to find and is relatively common.

The main difference here is that it requires all users to carry and scan a card first, which is not need if biometrics are used as a primary credential.

You might also find Zwipe's Fingerprint Card interesting, as it requires a valid fingerprint to activate the card, but is otherwise a standard card for a non-biometric access system.

We use 1:1 method for achieving better FRR, without storing the actual bio template on the card itself.

If I understand correctly, the bio readers can read the template from the smartcard. If so, I believe that would be a good solution.

I'll checkout the Zwipe's card, that also could work.

To make this more complicated, it all has to be integrated to an AMAG system.

Thanks Brian! I'll update you.

Hello Gabriel,

In the case that you parameter the installation to be a 1:1 with AoC (Access on Card, fingerprint template and PAC data being stored on card) then you do not need the Biometric readers connected to TCP/IP.

This can be done with fingerprint (because templates are not big but accurate 300~384 bytes). That's impossible with Face and difficult with Iris because you need more information in order to really differentiate users.

Cards that can accept to store fingerprint information are from less to more secured:

- Mifare 1K, 4K

- Mifare Classic

- HID iClass SE, Mifare DesFire EV1 (4k, 8K)

- HID Seos cards (with correct ADF structure), for example, Seos 8K + Prox = Part Number 5106RGGMNM-ES (where ES means it's ready for Biometrics)

Below pic is taken from an old presentation that I did in 2015 (not updated but still valid)

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Access Control

HID Mobile Tested on Jun 21, 2019
HID Global is one of the largest access brands, but their mobile access has had challenges. Indeed, the company has already restructured their...
Genetec Synergis Cloud Link - Complex, Costly and Confusing on Jun 18, 2019
Genetec's Synergis Cloud Link is complex, costly and confusing compared to competitor access control architectures. Inside this note, we examine...
Biometrics Usage Statistics 2019 on Jun 17, 2019
While face and fingerprint recognition are used regularly for smartphones, it is not as common in physical security. In this note, we examine...
Farpointe Data Conekt Mobile Access Reader Tested on Jun 13, 2019
California based Farpointe Data has been a significant OEM supplier of conventional access readers for years to companies including DMP, RS2, DSX,...
Dumber Techs, Bad Box Movers, Says Australian Distributor on Jun 10, 2019
Techs today are "dumber" than they used to be, despite better education and training and that makes a typical day "frustrating" for one...
OSDP Access Control Guide on Jun 04, 2019
Access control readers and controllers need to communicate. While Wiegand has been the de facto standard for decades, OSDP aims to solve major...
Vidsys New President Interviewed on May 31, 2019
A decade ago, PSIM was hot with projections then of a billion dollar market by now. This has not come close to happening. However, Vidsys, one of...
Access Control Job Walk Guide on May 22, 2019
Significant money can be saved and problems avoided with an access control job walk if you know what to look for and what to ask. By inviting...
Facial Recognition Systems Fail Simple Liveness Detection Test on May 17, 2019
Facial recognition is being widely promoted as a solution to physical access control but we were able to simply spoof 3 systems because they had no...
Maglock Selection Guide on May 16, 2019
One of the most misunderstood yet valuable pieces of electrified hardware is the maglock. Few locks are stronger, but myths and confusion surround...

Most Recent Industry Reports

HID Mobile Tested on Jun 21, 2019
HID Global is one of the largest access brands, but their mobile access has had challenges. Indeed, the company has already restructured their...
Genetec Beats Milestone For IHS #1 on Jun 21, 2019
For years, Milestone has touted that they are the #1 VMS. Now, Genetec has beaten them in IHS rankings. But what is this? Even other manufacturers...
Risk of Amazon Alexa Guard: No Battery Or Cell Backup on Jun 20, 2019
Amazon positions its Alexa Guard Service as a "smart home security system" and says it can help you "keep your home safe". However, the...
Exacq Remote Cloud Access Tested on Jun 20, 2019
Remote cloud access has been missing from most VMSes (including Exacq and Milestone). Now, Exacq, after releasing Cloud Drive Storage earlier in...
Briefcam Buys Frost Award* on Jun 20, 2019
Frost 'awards' are well-known and widely disrespected. Now Briefcam is touting their win. The way it has worked for many years is that Frost...
IFSEC 2019 Show Report on Jun 19, 2019
The UK's largest trade show, IFSEC, is underway and IPVM has been examining what is new and happening at the show. Inside, we cover: Huawei...
Repositionable Multi-Imager Camera Shootout - Avigilon, Axis, Dahua, Hanwha, Hikvision, Panasonic, Vivotek on Jun 19, 2019
Repositionable multi-imager cameras are one of the fastest growing segments in video surveillance, with a slew of new offerings being recently...
Genetec Synergis Cloud Link - Complex, Costly and Confusing on Jun 18, 2019
Genetec's Synergis Cloud Link is complex, costly and confusing compared to competitor access control architectures. Inside this note, we examine...
Startup Vaion Launching End-to-End AI Solution Backed with $20 Million Funding on Jun 17, 2019
An EU / USA video surveillance startup, Vaion, founded by ex-Cisco Senior Directors is launching an end-to-end VSaaS platform with $20 million in...
Biometrics Usage Statistics 2019 on Jun 17, 2019
While face and fingerprint recognition are used regularly for smartphones, it is not as common in physical security. In this note, we examine...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact