Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Facial Recognition Rated Far More Ineffective Than Touch ID by Hackers

Facial recognition was rated as the worst tool for authentication by a fifth of respondents in a recent survey of the hacking community—six times more often than fingerprint authentication.

It’s an interesting insight given the new iPhone’s shift to face-recognition security. In fact, facial recognition (19%) was ranked the second-worst tool overall, according to the Bitglass Data Games: Security Blind Spots report, which surveyed 129 white hat and black hat hackers that attended Black Hat 2017. Password-protected documents (33%) were ranked as the least effective security tool.

Other problematic approaches in the hackers’ view were access controls in general (15.5%); mobile device management and network firewalls (11.6% each). Fingerprint authentication was seen as an ineffective tool by only 3.1%.

Meanwhile, 59% of respondents identified phishing as the best data exfiltration strategy, as human error and ignorance will always be exploitable. Understandably, and in line with recent cyberattacks, malware and ransomware ranked second, at nearly 27%.

“Phishing and malware are threats made all the more potent by cloud adoption and the ease with which employees can share corporate data,” said Mike Schuricht, vice president of product management at Bitglass. “Many security technologies fail to address IT’s largest blind spots—unmanaged devices and anomalous access.”

In fact, the top five data security blind spots are unmanaged devices (61%), not-up-to-date systems, applications and programs (55%), mobile devices (36%), data at rest in the cloud (26%) and traditional on-premises security (20%).

On the motivation front, more than three quarters (83%) of respondents believe that hackers are spurred by the monetary value of stolen data, with ego and entertainment value playing only a small role.


Have you registered for Infosecurity North America taking place in Boston, 04-05 October 2017? For the full agenda, speaker list and more information, please visit https://www.infosecurity-magazine.com/conferences/infosecurity-north-america/


What’s Hot on Infosecurity Magazine?