In 2013, it was Apple that introduced Touch ID via the iPhone 5s. Just four years later, Face ID was introduced, which allowed Apple to definitively pave the way for biometric unlocking as a standard. Android manufacturers quickly followed, with facial recognition based on cameras or infrared. Meanwhile, these forms of authentication are also being applied outside of smartphones. Laptops, smart locks, and even cars are becoming increasingly user-friendly to unlock. And because everyone has a different fingerprint, it almost can't go wrong, right?
Biometric unlocking is convenient, but not foolproof
Although biometric unlocking seems safer than a password, these methods are not infallible either. Fingerprint scanners can be fooled with silicone prints. Facial recognition sometimes works with twins or through photos. The latter can still be circumvented when the system measures depth (as with infrared or LIDAR), but that is not the case for every facial recognition lock.
An additional risk: your biometric data is immutable. If your face or fingerprint is leaked? Then you can't 'reset' it like a password. Therefore, storage and encryption of this data is crucial. How that is done varies greatly by manufacturer and system.
The newest player: palm recognition
An eye-catching newcomer is palm recognition. Here, it is not your skin surface that is scanned, but the unique pattern of blood vessels under your palm. It measures something that is invisible from the outside, and thus much harder to forge. Amazon One already uses it in cashier-less stores, and Fujitsu applies it in access control systems.
Advantages? Contactless, hygienic, and less susceptible to spoofing. The technology can also be linked to other factors, such as location or usage patterns, for even higher security.
What else is possible?
In addition to palm recognition, more and more alternative or experimental methods are emerging:
Behavioral biometrics
In behavioral biometrics, a device recognizes you by your typing speed, swipe rhythm, or walking style. It pays attention to the small traits, but the question is whether that is enough to draw conclusions. After all, people can sometimes do things differently.
Voice recognition
You might already know this from movies - based on a voice, a device knows it’s you. This technique is already being used in customer services, but is currently still vulnerable to deepfakes. With the rise of AI, the future is therefore uncertain.
Heart rate profiles (ECG)
This measures your unique heart activity via wearables like a smartwatch.
Brain waves (EEG)
This looks at your brain rather than your heart. Unique brain patterns could be used as an identification method, but this idea is still mostly in laboratories.
Contextual authentication
Do you also always flop down on the couch with your phone at the same time after a long workday to do some doomscrolling? By measuring location, time, and usage behavior, devices determine whether you get automatic access.
These methods can be used separately, or combined in so-called multi-factor or passive authentication systems. Suppose you go out to dinner and walk differently because of a nice wine, or you just ran hard - then there must of course be a bypass option
What does this mean for the future?
The trend is clear: from active input (typing a password) to passive recognition (your behavior or physiology). This increases usability, but also places high demands on data storage, privacy legislation, and ethical boundaries. Because if you are always and everywhere automatically recognized, where does convenience end and control begin?
Yet the future is open. Biometric unlocking will become less visible, but increasingly intertwined with our devices, our infrastructure, and even our bodies.
