Reality that so many security experts opt to not speak

3 min readJul 15, 2021

“Touch ID and Face ID: Real biometrics or not?” https://www.biometricupdate.com/202107/touch-id-and-face-id-real-biometrics-or-not

Reading reports like the above, probably not a few people would react quickly and critically, mentioning the absence of cancellability of our body features and the privacy concerns it causes.

Few people, however, speak about the fact that the overall security is brought down to the level lower than that of a default password/PIN where the biometrics is used with a default password/PIN in a ‘two-entrance’ deployment (as against ‘two-layer’ deployment).

This security-lowering effect is the inevitable consequence of biometrics being probabilistic, as against deterministic; body features of living animals are unpredictably variable in ever changing environment.

Here is the reality that so many security experts opt to not speak — a two-layer deployment of two authenticators decreases the attack surface, whereas a two-entrance deployment increases the attack surface, thus providing a better convenience to bad guys as closely examined here — https://www.linkedin.com/pulse/negative-security-effect-biometrics-deployed-hitoshi-kokumai/