Galaxy S8 iris recognition system hacked
The Galaxy S8's iris scanning system will be used by TSB customers Reuters/Kim Hong-Ji

Later this year TSB bank will become the first in Europe to let customers log in to its smartphone app with a scan of their iris - but experts warn that an increasingly reliance on biometric security instead of passwords might not be the answer we are looking for.

From September, TSB customers with a Samsung Galaxy S8 will be able to log into their accounts without repeatedly entering a PIN or password, or using their fingerprint. Once the iris is registered, they will be able to log in by just looking at their phone, a system which is fast, simple and already used to unlock the handset.

But security experts warn that biometric security like iris scans and fingerprints can still be problematic.

Richard Parris, chief executive of security software company Intercede, said: "German hackers were recently able to trick a Samsung Galaxy S8's iris scanner with a picture of the device owner's eye and a contact lens...Biometric authentication is not entirely immune to potential attack and therefore should not be relied on as the sole means of verifying a user."

Etienne Greeff, co-founder and chief technology officer of SecureData, shared a similar concern over biometric security. "The general perception is that biometric security – iris scans, fingerprints and voice recognition – is inherently secure because it's taking something you are, something that never changes, and using it as a means to access your accounts to verify your identity. While this is significantly more secure than using passwords which has been shown to be a very poor form of authentication, a few caveats apply. The person using the authentication data has a big responsibility to store the data in a secure fashion."

Greeff explains how a stolen password can be easily changed, but with biometrics this isn't the case. "What happens when your biometrics security settings are hacked? You can't change your voice, you can't replace your eyes, you can't reset your fingerprints. Those things are constant, permanent and contain genetic data that is unique to you. The implications of biometric security hacks can be much more severe as a result".