What Are the Highest Risks of MFA?

“Biometrics are NEVER as accurate as they claim, EVER.”

In Episode #203, Roger Grimes, a Data-Driven Defense Evangelist at KnowBe4, advises that CIOs and CISOs should never use biometrics as a standalone authentication method.

There’s a widely believed myth that each fingerprint in the world is unique. The truth is that no one has ever taken every fingerprint in the world to test this theory. And even if it were true, a biometric cannot be replaced once it has been stolen and reused. As Roger says: “what are you going to do, change your fingerprint?”

Roger also points out that biometric scanners are detuned to prevent user frustration. He uses his cell phone as an example: “when I can’t open it right away using my fingerprint, I’m mad … If it didn’t let me in, I would stop using it.”

Roger has spent his life hacking fingerprint scanners and states that “sometimes it’s as easy as going up to the fingerprint reader if they have the flat glass and blowing cupped air onto it … The moisture from my air activates the oils and logs me in as [the last] person.” No special spray or “playdough finger” needed.