Biometrics Got Intrinsic Problems

Biometrics Got Intrinsic Problems

By Debesh Choudhury | TechFuture | 2 Sep 2025


There has been much hype around biometrics.

Biometrics is a fruit of practical research studies in STEM—science, Technology, Engineering, and Mathematics.

  • The practical research in biometrics revealed that biometrics-based recognition is probabilistic, NOT deterministic.

  • Major users of financial systems are clients who are enthusiasts about the associated technology innovations.

  • Most users are not knowledgeable about the technologies. They dwell on the hype of technology and slowly become ardent fans of new technology.

The promoters of biometrics must not hide the security-lowering traits from the people.


 

 

What are the problems of biometrics-based authentication?

  • Biometrics has inherent and intrinsic problems that can't be surmounted externally.

  • Because the recognition process of biometrics is inherently probabilistic.

  • The probabilistic recognition of biometrics is inherent and intrinsic.

Can an inherent and intrinsic probabilistic process be transformed into a deterministic process?

  • No, it is not possible to convert an inherent and intrinsic probabilistic process into a deterministic process.

  • Then, how could a probabilistic process be used to yield a deterministic "yes/no" result?

  • But a deterministic "yes/no" is essential for human identity authentication by technological means.

No external technology agent or process can make biometrics-based authentication as deterministic to yield a deterministic "yes/no" result like text passwords/PINs.

This is the major problem biometrics can't surmount.


 

 

There are many other problems and vulnerabilities associated with biometrics-based recognition.

Let me describe the problems of biometrics recognition technology.

  1. Biometrics spoofs; the spoofing technology has been progressing at an alarming pace.

  2. False acceptance and false rejection of biometrics; there are finite tolerances of biometrics-based recognition.

  3. Biometrics can't be reset; so once databases of biometrics are hacked/stolen, the stolen/hacked data would remain in the hands of the criminals forever.

  4. Biometrics can be collected and copied from public places and social media by several technical means.

  5. Biometrics suffers from 'credential stuffing,' which means reusing the same authentication credentials or passwords for multiple accounts.


 

 

Biometrics is not a fallacy, but biometrics-based recognition can lower the security of authentication systems.

  • Biometrics indeed has traits that can differ from person to person, and hence biometrics features can form usable signatures for human personal identification/authentication.

  • But biometrics-based features are not unique, whereas the hash data of text passwords/PINs provides unique signatures.

  • That is why biometrics-based recognition can yield a probabilistic result.

  • Thus, biometrics-based recognition cannot yield deterministic "yes/no" results like text passwords/PINs.

Hence, biometrics is not fit for authentication use cases.

If we want to make the digital authentication processes secure, we must get rid of biometrics as an authentication factor.


 

 

Biometrics has intrinsic problems; hence, biometrics is inherently unreliable.

Biometrics is a fruit of practical research studies in STEM—science, Technology, Engineering, and Mathematics.

  • The practical research in biometrics revealed that biometrics-based recognition is probabilistic, NOT deterministic.

  • But biometrics has inherent and intrinsic problems that can't be surmounted externally.

  • Then, how could a probabilistic process of biometrics recognition be used to yield a deterministic "yes/no" result?

No external technology agents or processes can make biometrics-based authentication as deterministic to yield a deterministic "yes/no" result like text passwords/PINs.

  • Additionally, several other problems and vulnerabilities exist in biometrics-based recognition, including biometrics spoofing, false acceptance, false rejection, and 'credential stuffing.'

  • Moreover, biometrics can be collected and copied from public places and social media spaces, and biometrics can't be reset like text passwords/PINs.

  • That is why biometrics is inherently unreliable.

Hence, biometrics is not fit for authentication use cases.


 

 

<> Originally published on my LinkedIn blog.

 

 

------------

About me

I am a researcher who contributes to the overlapping areas of STEAM (Science, Technology, Engineering, Arts, and Mathematics). I am an active user and promoter of GNU/Linux, free and open-source software. I also develop cybersecurity and information security solutions, specifically graphical authentication security.

SUPPORT MY WRITING: If my writings inspired you, made you think, or rekindled the values of life, consider buying me a coffee. Your small gesture will help me grind more with writing.

 

Cheers!

Debesh Choudhury

Text Copyright © 2025 Debesh Choudhury — All Rights Reserved

Join me at

YouTube, Twitch, CashRain, Odysee, LinkedIn, Twitter, Publish0x, ReadCash, and Facebook.

Earn passive income by sharing unused Internet bandwidth with Grass and Honeygain.

Cover Image: I created the cover using an image by Joachim Niehus from Pixabay (modified with my texts).

All other images are either drawn, created, or screenshots by me or credited to the respective artists or sources.

Disclaimer: All texts are mine and original. Any similarity and resemblance to any other content is purely accidental. The article is not advice for life, career, business, or investment. Please do your research before you adopt any options.

Unite and Empower Humanity.

Tuesday, September 02, 2025

#biometrics #security #vulnerability #authentication #password #cybersecurity #informationsecurity #technology #learningtimes #debeshchoudhury

How do you rate this article?

18


Debesh Choudhury
Debesh Choudhury

I am an Information Security Researcher, Podcast Host & Tech Blogger.


TechFuture
TechFuture

TechFuture will publish short articles on future technologies that will make the world a better place to live. It will include digital identity, data privacy, passwords & cybersecurity, cryptocurrencies, and many more.

Publish0x

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.