People prefer biometric security authentication to passwords because PINS and passwords readily get hacked and are challenging to remember. While passwords are the current what you know method, your physical characteristics are "what you are."
And there's only one you. (Read New Advances in Biometrics: A More Secure Password.)
But, picture this: a four-year-old child noticed that Amazon dropped gifts on their doorstep after her mother swiped her pinkie on the iPad's touchpad. So, the child used her sleeping mother's pinkie to unlock the device and, going to Amazon.com, one-clicked that beautiful pink bike.
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
True story. Incidents like that happen all the time. (Read How Passive Biometrics Can Help in IT Data Security.)
Gartner, a leading research and advisory company, claims certain physical and behavioral characteristics, like your facial features or the way you type, are more secure than your password.
In contrast, critics count millions of data breaches and they're growing every day.
Over the last decade, scientists unleashed various biometric verification identifiers to dramatically improve enterprise security.
The most common biometric identifiers are:
Join this interactive round table to learn more about HCI and how this technology helped a mid-sized, service-oriented, and process-intensive company to simplify its IT while providing better services, aligned to increasing business needs.
Used to unlock door panels, devices or computers of approved users, among other user cases.
More specifically the iris, sclera or retina, where devices equipped with cameras scan the unique patterns of your eyes.
For example, prompt server room doors to swing open automatically when cameras recognize the faces of trusted system administrators.
For example, digital assistants and telephone-based service portals use voice recognition to identify users and verify customers. (Read Voice Recognition Technology: Helpful or Painful?)
Other image-based authentication methods include facial contortions, veins in your hand, the shape of that hand, body odors, and the shape of your ears.
More recently, researchers at the University of Buffalo developed a way that you can use heartbeats for your new pass-code, while, at the same time, a $1,000 pocket-sized scanner hit the market for scanning DNA.
According to a recent Ping Identity survey, 92% of IT and security respondents rated biometric authentication as two of the top five most effective security controls, and 80% said it is effective for protecting data stored in a public cloud.
Around the same time, a Spiceworks survey reported that 62% of companies are already using biometric authentication, and another 24% plan to deploy it within the next two years.
The Amazon-grubbing child is one of scores of incidents that plays havoc with biometrics authentication. Two years ago, on a Qatar Airways flight a woman used her husbands fingerprint to unlock his phone while he was asleep, to divulge his infidelity.
It's super easy to copy fingerprints as cybersecurity and emerging technologies advisor, Joseph Steinberg remarks:
For well over a decade, I have been outspoken against the widespread use of fingerprints and most other forms of biometric authentication as a means for authenticating people among the serious problems with such schemes are the fact that biometric information is not secret (you leave your fingerprints on everything that you touch, and often show them in pictures, for example).
You want to know the cheapest simplest fastest way to crack into your boss iPad? Use play-dough.
And look for high-definition photos where your boss high-fives, makes the Vulcan peace sign or raises his hand to ask a question just like the hacker who recreated a German ministers fingerprints using photos of her hands in 2014.
There are bundles of other tricks that include researchers using voice scanners to impersonate your voice, iris scanners that match your retinas and face scanners that trick facial recognition login with photos from, say, Facebook even 3D-printed heads.
Aside from that, facial recognition devices can readily be fooled by false positives, such as if your voice is hoarse, you switch hair-styles, you wear sunglasses, or don a mask for Halloween.
So, fingerprints, voices and faces are out, but so, too, are heart-beats, DNA, body odors, and eyes. If they get compromised, you can't just roll out your eyeball and replace it with another
Biometric authentication is convenient, but privacy advocates fear biometric security erodes your privacy. Companies could easily collect and exploit your data on, say, where and when you typically use your phones.
Hackers could replicate and sell these biometrics for tracking and marketing your behavior and movements. As Robert Capps, VP of Business Development at NuData Security warns, Once biometric data is stolen and resold on the Dark Web, the risk of inappropriate access to a users accounts and identity will persist for that persons lifetime.
Even the multi-factor security model of Indias Aadhaar the worlds largest biometric identification system succumbed to hackers in 2018.
Had you been interested, you could have bought the personal data of more than one million citizens of India on WhatsApp for less than $10.
Susan Rebner, CEO of Cyleron, national security company, said she believes that's the next step and something her company's working on.
For example: devices analyze the way typists slide their fingers across desktops while sliding doors discern the person's stride; computers kick up at a person's finger impact on the keyboard, while mobiles recognize a user's hand tremor when punching numbers, among other items.
Other methods include speech recognition (used, for example, by USAAs mobile app) , well as signature verification (used, for instance, by banks on letterheads and other documents).
Any user behavior that veers from their norms and the device or system locks those users out.
You can protect passwords by hashing them into chains of digits and letters. Scientists say you can do the same with biometrics, encrypting them on a secure server.
In an interview for Biometric Update, Infinitys CEO Alfred Chan said their company's Quantum-Crypt technology developed hashed solutions for iris, fingerprints, and 2D face modalities, and is now exploring 3D modalities.
You can combine biometrics authentication with blockchain technology, or the decentralized ledger, where platforms are open-ended and shared by other participants. (Read Can the Blockchain Be Hacked?)
This means, any attempt to modify the data is detected by other users who subscribe to the platform.
While behavioral biometrics seems the most secure by far, analysts warn that the system needs to be regulated for data privacy and security and that the method needs broader testing to screen out false positives or false negatives.
On blockchain technology and hashed biometrics, MIT researchers recently showed how hackers could breach the allegedly "unhackable" blockchains.
Certainly, the same goes for cracking your hashed password to retrieve those biometrics.
Europeans have the General Data Protection Regulation (GDPR) that gives consumers protection over their personal data including biometrics. (Read How Cybercriminals Use GDPR as Leverage to Extort Companies.)
The U.S., to date, only has a hodgepodge of overlapping and contradictory laws from industry groups and federal as well as local government agencies - and that's despite its June 2015 hack of the US Office of Personnel Management where cybercriminals pilfered more than 5.6 million fingerprints of government officials.
If you're a business that wants to use biometrics authentication to shield your data, you're likely to benefit from this 1-2-3 proactive approach.
Regularly educate your staff on the biometrics security system you use and on how to ensure data privacy. You would also want to use strong passwords and store your biometrics in three places at best. Further, keep your operating system and Internet security software current so hackers can't crack it.
For greater security, use a combo of identifiers, so, for example, add fingerprints to facial recognition, like the new LG V30 smartphone that combines facial and voice recognition with fingerprint scanning. Some security systems also include additional features, such as age, gender, and height, in biometric data to thwart hackers.
Humans can dupe facial scanners by wearing a mask or makeup. Add a human to your security checkpoint for ultimate security.
Oh, and by the way...
You may want to observe the Illinois 2008 Biometric Information Privacy Act, where a company that collects its employees data must notify them on how the data will be used and stored and get their consent. Doing so saves you from privacy lawsuits from employees and customers whose biometric data you store.
Hackers are always going to be one step ahead of you.
Beat them to the trick by combining passwords with biometrics authentication systems and putting humans in the loop to improve security.
Also remember those privacy concerns.
While biometrics authentication technology is not foolproof, you may find it gives you less problems than passwords - as long as you keep on top of the system.
- The Rise of the Internet of Things | 2020-01-20 - Security Magazine - January 25th, 2020
- Protecting Websites from Magecart and Other In-Browser Threats - Security Boulevard - January 25th, 2020
- Off-campus wireless internet security on par with University - Kent Wired - January 25th, 2020
- Jeff Bezos Phone Hack Should Terrify Everyone - The New York Times - January 25th, 2020
- Limited internet to be restored in Kashmir, no access to social media - WSAU News - January 25th, 2020
- Cyber Security Today Kids clothes site hacked, a new phony email extortion scam and be careful with Internet Explorer - IT World Canada - January 25th, 2020
- Experts write to government on cyber fixes - Economic Times - January 25th, 2020
- Internet Security Software Market by Types, Applications, Countries and Forecasts to 2026 - Vital News 24 - January 24th, 2020
- An Open Source Effort to Encrypt the Internet of Things - WIRED - January 24th, 2020
- Local News Role of the internet in human trafficking to be highlighted at summit in SLO - KSBY San Luis Obispo News - January 24th, 2020
- Global Internet of Things (IoT) Security Market | By Component,By Type,By Application Area Dagoretti News - Dagoretti News - January 24th, 2020
- Internet Security Market to Reap Excessive Revenues by 2026 Dagoretti News - Dagoretti News - January 19th, 2020
- How to Secure Your Windows 7 PC in 2020 - How-To Geek - January 19th, 2020
- Security fears saw nearly half of Europe use the internet less during 2018 - The Brussels Times - January 19th, 2020
- Senate Passes Legislation to Help Boost and Secure the Internet of Things - Nextgov - January 19th, 2020
- Internet of Things presents the next frontier of cyberattacks - ITProPortal - January 19th, 2020
- Ooma Improves on Phone and Home Security with New Products for Cord Cutters - Cord Cutters News, LLC - January 19th, 2020
- Windows 7 computers will no longer be patched after today - Naked Security - January 19th, 2020
- How the Trump administration is secretly assisting Iranian protesters - Washington Examiner - January 19th, 2020
- Iowa results will be compiled over the internet, hacking threat aside - The Fulcrum - January 19th, 2020
- Interview with Jordan Blake on the potential of behavioural biometrics - The Paypers - January 19th, 2020
- Cyren (NASDAQ:CYRN) Stock Rating Lowered by Zacks Investment Research - Riverton Roll - January 19th, 2020
- Password Managers: What Are They & How to Use Them? - TechAcute - January 19th, 2020
- EZVIZ C6CN pan-and-tilt security camera review: Motion tracking keeps intruder in this camera's sights - TechHive - January 19th, 2020
- New Year, new gadgets? Five ways to keep your new devices safe from hackers, cyber attacks and malware - ZDNet - January 6th, 2020
- BlackBerry Collaborating with Amazon Web Services to Demonstrate Safe, Secure, and Intelligent Connected Vehicle Software Platform for In-Vehicle... - January 6th, 2020
- Internet of Things security firm Armis in talks to be acquired -media - Nasdaq - January 6th, 2020
- The Internet of Things: how safe are your smart devices? - Spectator.co.uk - January 6th, 2020
- Beset by lawsuits over poor security protections, Ring rolls out 'privacy dashboard' for its creepy surveillance cams, immediately takes heat - The... - January 6th, 2020
- Start the new year, and new decade, by making your slice of the internet more secure - Times Colonist - January 6th, 2020
- Industrial Internet Consortium teams up with blockchain-focused security group - Network World - January 5th, 2020
- Russia Takes a Big Step Toward Internet Isolation - WIRED - January 5th, 2020
- 'This Is the Beginning': Hackers Claiming to Be from Iran Take Over U.S. Government Website - PJ Media - January 5th, 2020
- Virus-Crippled Travelex Was Running Windows 8, RDP Connected to Internet - Computer Business Review - January 5th, 2020
- From the archives: Top ten WSU stories of the decade - - The Wright State Guardian - January 5th, 2020
- Down Over 30% Since August, Is Recent IPO Fastly a Buy for 2020? - The Motley Fool - January 5th, 2020
- North Dakota's building a cybersecurity operations center and everyone's invited - StateScoop - January 5th, 2020
- Quid Pro Quo the truth | Opinion - Kingstree News - January 5th, 2020
- All You Need to Know About Indias First Data Protection Bill - CISO MAG - January 5th, 2020
- Start the new year, and new decade, by making your slice of the internet more secure - SaultOnline.com - January 5th, 2020
- Cheetah Mobile (NYSE:CMCM) Stock Rating Lowered by Zacks Investment Research - Riverton Roll - January 5th, 2020
- The Army Bans TikTok - WIRED - January 5th, 2020
- Acer Introduces New TravelMate P6, a Durable and Thin-and-Light Notebook for Mobile Professionals - PRNewswire - January 5th, 2020
- Know in Depth about Internet Security Software Market Trends, In-Depth Analysis and Forecast To 2026 | Symantec, McAfee, Trend Micro, AVG - AnalyticSP - December 31st, 2019
- Staying Out Of Trouble In 2020 With New Security Practices And Human Firewalls - Forbes - December 31st, 2019
- Expansion of the Internet Security Software Market is Forecasted to Reach at Very High Rate By 2026 - Market Research Sheets - December 31st, 2019
- Bangladesh shuts down internet along India's border 'for the sake of the countrys security in the current cir - Business Insider India - December 31st, 2019
- The year in #StupidSecurity 2019's biggest security and privacy blunders - The Daily Swig - December 31st, 2019
- Together with the community, weve given away more than 100,000 for important causes - Security Boulevard - December 31st, 2019
- The Most Dangerous People on the Internet This Decade - WIRED - December 31st, 2019
- The Top Security Stories of 2019, Part Two - Foreign Policy - December 31st, 2019
- About That IoT Device You Received as a Holiday Gift... - Security Intelligence - December 31st, 2019
- China nears completion of its GPS competitor, increasing the potential for Internet balkanization - TechCrunch - December 31st, 2019
- Best Android antivirus? The top 11 tools - CIO East Africa - December 31st, 2019
- 4 Ways to Make Security Training A Priority in Your Healthcare Organization - HIT Consultant - December 31st, 2019
- Beware of the Smart Device: Ways to Stay Private and Safe - The New York Times - December 31st, 2019
- A ton of Ruckus wireless routers are vulnerable to hackers - TechCrunch - December 31st, 2019
- The MS-ISAC Helps State and Local Governments Boost Their Cybersecurity - StateTech Magazine - December 31st, 2019
- Discover Lafayette podcast with Rader Solutions' security team: Here are 9 tips to prevent data breaches - The Advocate - December 31st, 2019
- #SocialSec Hot takes on this week's biggest cybersecurity news (Dec 27) - The Daily Swig - December 31st, 2019
- Ookla Adds Free VPN To It's Speedtest App For iOS And Android - Techworm - December 31st, 2019
- How to Keep a Security Breach Out of your Internet-Connected Stocking this Christmas - Forbes - December 13th, 2019
- Internet Security Market: Deep Analysis by Production Overview and Insights 2019-2025 - Drnewsindustry - December 13th, 2019
- The Great $50M African IP Address Heist - Krebs on Security - December 13th, 2019
- Avast announces cybersecurity predictions for 2020, expects rise in mobile scams and IoT Malware - Gadgets Now - December 13th, 2019
- Office and Penetration Testing Software Increasingly Becoming Vectors for Malware - Campus Technology - December 13th, 2019
- Network attacks increased in third quarter, WatchGuard says - TechRepublic - December 13th, 2019
- What is a VPN Used for on Android? - eTurboNews | Trends | Travel News - December 13th, 2019
- Pulse Secure Partners with Nozomi Networks in IT-OT Convergence Play - Channel Futures - December 13th, 2019
- 2 Dead in Protests Over Indias Religion-Based Citizenship Bill - The New York Times - December 13th, 2019
- RIPE NCC and TRA hold roundtable in UAE on government role in Internet - Intelligent CIO ME - December 13th, 2019
- Global and Regional IT Security Market 2019 by Manufacturers, Countries, Type and Application, Forecast to 2025 - Industry PressRelease - December 13th, 2019
- How do Cypriots spend their time on the Internet? - In-Cyprus.com - December 13th, 2019
- CipherCloud and Thales Collaborate to Support Zero Trust Data Access - Business Wire - December 13th, 2019
- Malware variety grows by 13.7 percent in 2019 due to web skimmers - Eagle Online - December 13th, 2019
- Installing a Fake Internet with INetSim and PolarProxy - Security Boulevard - December 10th, 2019
- China to ban all American-made hardware and software in government and public offices - ConsumerAffairs - December 10th, 2019
- TLS 1.3 Is Coming: Here's What You Need To Know To Be Prepared For It - Forbes - December 10th, 2019
- Global Internet Security Market 2019 by Manufacturers, Countries, Type and Application, Forecast to 2025 - Breaking News Updates - December 10th, 2019
- Now, keep your data safe in a private, digital home on the internet, thanks to this tech startup - YourStory - December 10th, 2019