Working with biometrics is always a balancing act. With passwords, authentication is simple — either it matches or it doesn't. But when that "password" is part of a user's body, whether a face scan, iris match, or just a regular old fingerprint, systems have to anticipate and account for a little bit of wiggle room. After all, you don't want that face scan failing because you got a pimple, or your fingerprint rejected because you touch the sensor at a slightly different angle each time. But now a new attack takes advantage of the flexibility programmed into these systems, generating fake "universal" fingerprints.

Read More