Ever since people started buying products and services online and through digital channels, banks, payments processors, retailers and others have been trying to figure out how to best secure those transactions. One thing everyone agrees upon is that the password-and-username system is easily hackable and basically broken at this point.

But what authentication method should be used to replace it? Biometrics have been perhaps the most frequently touted solution, the notion being that “something you are” is much harder for fraudsters to replicate than “something you have.” And since Apple developed its Touch ID technology for iPhones several years ago, most consumers have generally become comfortable with the idea of non-password forms of biometric authentication.

But it turns out that even biometrics may not be as foolproof as once thought. Researchers have now revealed that they can produce “artificial fingerprints” that could hack into millions of smartphones. According to a CNBC report, the authors of a new paper from New York University and Michigan State University successfully generated what they call "DeepMasterPrints" earlier this year. These are machine-learning methods that act as a kind of "masterkey" which, the researchers claim, have the potential to unlock around one in three fingerprint-protected smartphones.

A cybersecurity executive once described to us the battle between hackers and security experts as a “cat-and-mouse game.” Basically, when security people successfully repel one type of attack, fraudsters just create new ones. It remains to be seen whether a truly foolproof digital security measure can ever be created.

This article was published as part of Weekly Briefing No. 155