Using physical and behavioural characteristics in security to authenticate identity dates back to the first signature used on a bank cheque, and since then, progress has been significant. New technologies like biometrics are increasingly used across industries, with facial recognition and fingerprint sensors becoming the new trusted gatekeepers of our age.
The appeal of biometric technology comes from its inherent clarity, speed, ease of use and functionality, mixed with a small hint of Bond-esque gadget appeal. The spread to consumer products like laptops and smartphones, with biometric technology built in, has deepened the widespread comfort in biometrics as a reliable form of security. There's also an understanding that unique features such as a face or a fingerprint can provide an infinitely more complex key for protecting access than any combination of letters, numbers and symbols.
Yet, for all the impressive functionality that biometrics provides, it is essential to give thought to how the associated data is being stored and what risks are involved in opting for fingerprint-only authentication. The idea of opening a smartphone with one's face is impressive, but facial recognition as a security measure has its own shortcomings.
A well-known hacker proved the fallibility of fingerprint authentication recently by using a print left on the screen of the newly released iPhone 5S to bypass the authentication request. This scenario is not uncommon. The ability to collect fingerprints from a high-resolution image of a hand and use them for access authentication has been previously documented. Biometric recognition also poses a potential pitfall because it is a personal, unique form of authentication, one which cannot be lost, replaced, reset or disassociated from its owner.
As more and more banks and retailers start to use biometric recognition as a form of identification for everyday functions such as authenticating payments and providing access, the risk of this type of biometric hacking is increasing. The prospect of a biometric data breach, in which users lose the biometric data they authenticate with and then cannot change it, highlights a significant potential pitfall for the technology.
For most people, the idea of security ends at their fingertips. Many don’t consider where their biometric data is stored and how that must be protected in itself. Biometric data needs to be stored securely with restricted and monitored access – be it on a device, server, or in the cloud. Investigating the security capabilities of providers is especially important when selecting who holds your biometric and personal data.
As part of this issue, biometric data governance is necessary, not only across business, but in places that might not immediately come to mind. Many schools use biometric technology to monitor attendance or as a replacement for library and lunch cards, for example. This kind of data is normally stored centrally on the school's network and could put children's personal biometric information at risk if inappropriately secured.
Biometric technology is also valuable as one part of a wider set of security procedures, just as a password might be if paired with another form of authentication. This is particularly important with intrusion attempts and data breaches being daily occurrences.
As the risk of single-factor authentication becomes apparent, the role of additional layers of security, such as biometric technology, is rapidly becoming a necessity. Multi-factor authentication gives users an opportunity to shore up access rights and reduces the prospect of a potential data breach.
The concept is not new: the term two-factor authentication (2FA) has been used since the nineties to describe a second authentication method, often a hardware token that could generate a one-time password. However, as technology has evolved and personal technologies such as smartphones have become more sophisticated, with new features such as push technology, it has become much easier, not to mention more secure, to have two or more forms of authentication.
Enabling multi-factor authentication is a critical step in providing robust security, and in an ever-evolving security landscape, it is quickly becoming a necessity. Formerly just a novelty, biometric technology is quickly becoming a modern-day requirement in providing an edge in the battle for secure data.
Simon Strutt, Head of Consulting and PreSales at SysGroup, has over 15 years of experience in the tech industry managing and engineering corporate and enterprise systems on a broad range of platforms to deliver mission-critical applications and services.