And the Scourge of Deep Fakes Continues

As if yesterday’s deep fake post wasn’t enough to scare you, here is another one.

Gartner says that attacks using AI-generated deepfakes to bypass facial biometrics will lead a third of organizations to doubt the adequacy of identity verification as standalone protections.

Actually, this is good news because biometrics should ***ONLY*** be used to identify you and never to authenticate you, meaning that compromising what is effectively only your userid but not your password is not a big problem.

But that is not how biometrics are often used. They are often used as your password.

The problem with that (or at least one of them) is if your face ID is compromised, you have to get plastic surgery to fix the problem. Not convenient. Or affordable.

Companies have added “liveness detection” to try and solve the problem, such as asking you to move your head, but that is only a short term stop gap solution until the AI catches up.

Possibly, vendors will continue this cat and mouse game for a while because the goal is to reduce friction while reducing fraud to an acceptable level. But what is acceptable to one person is not acceptable to another.

So what is your acceptable level of fraud? That probably depends on whether we are talking about your retirement savings or your Netflix account.

As I often say – security or convenience, you can only pick one.

Have questions/need help? Please contact us. Credit: The Register

by