Why We Cannot Find ‘Biometrics + PIN’ Configured in ‘2-Layer’ Formation?

Hitoshi Kokumai
Nov 25, 2023

A LinkedIn connection wrote to me wondering why they cannot find services that allow them to register ‘biometrics + PIN’ in an ostensibly security-enhancing 2-layer formation.

My answer was that biometrics is probabilistic, which means that biometrics cannot escape frequent False Rejection so long as the False Acceptance Rate is set meaningfully low.

When deployed in a multi-layer formation, the user can by no means rescue themselves when they are rejected by biometrics, even if they are able to feed the correct PIN/password. That’s why no services allow users to register ‘biometrics + PIN’ in a multi-layer formation.

The same person also asked whether something like ‘PIN + biometrics’, deployed in a convenient multi-entrance formation with a strong password as a backup, would improve the situation somewhat.

My answer was “You and your colleagues are pleased to remember a unique set of PIN and password for each account only for that, aren’t you? I would rather suggest that you ditch the biometrics altogether as an authentication factor.”
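The trade-off behind both answers above, the 2-layer formation and the multi-entrance formation, can be put into a small model (an added example, not part of the original post). It assumes the two factors fail independently; every rate in it, including the PIN model, is a constructed sample value, and `Factor`, `two_layer` and `multi_entrance` are hypothetical names.

```python
# Added illustration; all rates below are constructed sample values, not measurements.
from dataclasses import dataclass

@dataclass(frozen=True)
class Factor:
    far: float  # probability that an impostor is accepted by this factor
    frr: float  # probability that the legitimate user is rejected by this factor

def two_layer(a: Factor, b: Factor) -> Factor:
    """AND formation: both factors must accept (independence assumed)."""
    return Factor(far=a.far * b.far, frr=1 - (1 - a.frr) * (1 - b.frr))

def multi_entrance(a: Factor, b: Factor) -> Factor:
    """OR formation: either factor alone is enough (independence assumed)."""
    return Factor(far=1 - (1 - a.far) * (1 - b.far), frr=a.frr * b.frr)

# Constructed PIN model: 4-digit PIN, 3 guesses allowed, user mistypes 1% of the time.
PIN = Factor(far=3 / 10_000, frr=0.01)

# Constructed biometric operating points: lowering FAR raises FRR.
BIOMETRIC_POINTS = [
    Factor(far=1e-2, frr=0.005),
    Factor(far=1e-3, frr=0.02),
    Factor(far=1e-4, frr=0.05),
    Factor(far=1e-5, frr=0.10),
]

def compare(pin: Factor = PIN, points=BIOMETRIC_POINTS):
    """One row per operating point: (biometric, two-layer result, multi-entrance result)."""
    return [(bio, two_layer(bio, pin), multi_entrance(bio, pin)) for bio in points]

if __name__ == "__main__":
    print(f"{'bio FAR':>9} {'bio FRR':>8} | {'AND FAR':>9} {'AND FRR':>8} | "
          f"{'OR FAR':>9} {'OR FRR':>8}")
    for bio, layered, entrance in compare():
        print(f"{bio.far:9.0e} {bio.frr:8.3f} | {layered.far:9.1e} {layered.frr:8.3f} | "
              f"{entrance.far:9.1e} {entrance.frr:8.4f}")
    print(f"PIN alone: FAR {PIN.far:.1e}, FRR {PIN.frr:.3f}")
```

In every row the two-layer FRR is at least the biometric's own FRR, and the multi-entrance FAR is higher than that of the PIN alone.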

Here is a 2-minute video on how biometrics destroys the security that a password/pincode has somehow provided — “Biometrics in Cyber Space — “below-one” factor authentication” https://youtu.be/wuhB5vxKYlg

How about the discussion on the pursuit of truly practicable and yet secure identity security solutions? — “Value of Identity Assurance — Trivial or Significant?” (21Sep2023) https://www.linkedin.com/posts/hitoshikokumai_international-criminal-court-hacked-amid-activity-7110545195355570176-G38i

Well, let me add that we are not against all of biometrics; we respect the value of biometrics used for forensic and other identification purposes where citizens are correctly informed of the privacy risks.



