You unlock your phone with your face, your fingerprint sends your laptop whirring into action, you pass airport security by glancing at a camera. Biometric technology has become so woven into the daily routine that for many people, it barely registers any more.

That invisibility is part of the point. These systems are usually fast, convenient and feel secure. Unlike a password, you can’t forget your face. But that doesn’t mean they are without risk.

Biometrics fall into two broad families: physiological (fingerprints, faces, irises, even nailbed patterns) and behavioural (how you walk or type, the rhythm of your speech, the angle you hold your phone).

Both forms are already being widely used – you just may not realise it. Many banks and retailers now monitor how you interact with your device – from swipes, taps and scrolls to the angle you hold your phone, the rhythm of how you move between fields, and the pressure of your touch. If someone else picks up your unlocked phone and tries to access your banking app, this can automatically trigger a fraud alert.

My research with colleagues even shows it’s possible to infer a user’s name and native language from the timing patterns of their keystrokes.

The graphic below shows the full extent of biometric technologies. Those marked dark...

Read more