Hello!
What do you think of biometric access control systems?
I know that these systems are used in enterprises and they are quite secure. I’m wondering if such methods are used for access to private homes. And is it safe?
I would be grateful for your thoughts on this!
I can recommend LPL’s channel if you want to learn how to spot weaknesses in this type of product:
Lockpicking lawyer
The weakness sometimes lies in the alternative emergency unlocking option (a key or code) rather than the primary biometric system.
I think the biggest issue with biometrics is that you can never change the “key”, so if technology enables your keys to be compromised then the system becomes completely invalidated.
To add on to the “you can’t change your key”
You leave it everywhere you go, and various companies and gov entities own and maintain a copy of your “key” with little to no oversight of what they do with it.
So it’s a very leaky key that you can’t change.
A close second issue for biometrics is that they are extremely good at identification, but abysmal at authentication. Said another way, it’s very easy for 3rd parties to use biometrics to identify you, with your knowledge and consent, or without it… but it is so insecure that anyone could faux your analog biometrics and gain access that you can’t use it to secure anything really.
Biometrics allow quick access, but are not as reliable.
Biometrics can sometimes be convenient when it works reliably, or the opposite when it stops recognizing your fingerprint or face. So a secondary option such as a passcode will be required, but that’s less secure. Scramble keypads are a little more secure but less convenient. RFID implants can be both secure and convenient; I wish it was a bit more mainstream so more places will be willing to enroll your implant to their access control system.
Speaking of biometrics, that reminds me of my old job (McDonald’s): the time clock would on some days not recognize my fingerprint, especially when I had dry fingers. Not sure why that had an effect, as it’s an optical sensor, not capacitive. I would manually enter my employee ID instead; the ID number was 2 or 3 digits and the default password was 0. Fun fact: McDonald’s and many other companies were sued for violating Illinois’s strict biometric information privacy law.
It seems to me that code access is reliable and universal, it can be changed. RFID can be considered a scanner and create a duplicate.
My brother (7 years younger than me) unlocks my iPhone with Face ID every time he wants.
I can’t do the same thing with his iPhone.
Basically this means that if I print a mask of your face from one of your FB/IG photos with a good quality printer, there are good chances that an eventual biometric system could recognize me wearing your mask as you.
More advanced systems like DESFire, MIFARE 4K, and Javacards can’t be duplicated right now. Also, even with legacy systems, if they are compromised you can just change the information on the card or in the database. I can’t change my fingerprint or face or eye or veins in my hand or my DNA.