- Your train was late, but somehow you make it to the head office just in time for that all important nine o'clock meeting and you realize you've forgotten the passcode to actually get into the building. The meeting is starting, no one is answering their phone and you're stuck outside, we've all been there. Remembering passwords can be a pain, especially when we're encouraged to have different passwords for every system we log into. So, is there another way of gaining access to something such as a company's headquarters without one? You can gain access to systems, devices or data using biometrics. Biometrics are physical or human characteristics that you can use to identify a person such as fingerprint mapping, facial or voice recognition and retina scans. You can use these characteristics on their own or as a combination to ensure more accurate identification. The key is that the characteristic must be unique to the individual. Because the information needed is literally a part of you, biometrics makes authentication faster and more secure than traditional passwords or PINs. However, if you're using a biometric authentication system, you need to be careful to avoid violating employee or customer privacy. You also need to watch out for exposing sensitive information. If someone guesses your password, you can change it. If someone steals your biometric information, you can't get new fingerprints. This means that it's extremely important that you keep biometric data secure. A security breach could create permanent risks for the user, as well as having huge legal implications for the organization that loses the data. You are responsible for your own security decisions. So it's important that you reduce the risk and consequences of a security breach by choosing the right system vendor. It's vital that you know who is responsible for any information leaks, particularly if you work for a smaller organization. To protect yourself legally, you shouldn't store any data linked to biometrics. You should encrypt the data so that it never goes near the organization's servers. Take our HQ scenario for example. If you use your fingerprint to access the building, your personal information is encrypted at the scanner and goes straight to a processor which recognizes that you are allowed to access and opens the doors. Your information is never given to the organization. Encryption reduces potential security risks for the individual and compliance implications for the organization. Sometimes you can't avoid storing authentication information on your servers. In this case, you should always follow the best practice security measures. Store the data as a template rather than as an image. Encrypt the data and store the data on a device rather than on a central database so that it's isolated and protected from any larger system breaches. If you take care to implement stronger security measures, using biometrics for identification and authentication can make gaining access faster, easier and safer. You'll never have to worry about being locked out of a meeting ever again.