Baffled by biometrics

Looking at two-factor authentication and identity and access management last week, it seemed that there is a much more modern method of login that is perhaps possibly used even less.

The concept of biometrics is pretty straightforward from an end-user perspective: you scan or swipe and access is granted or denied as appropriate. From an administrator point of view, this makes life easier when it comes to controlling access, but could present some security problems.

In the past SC has considered whether there is a flaw in biometric authentication if the data was hacked, but could this advanced technology be a solution for technophobic employees?

This week I met with DigitalPersona, a provider of fingerprint biometric solutions. Its regional manager for EMEA, Ben Boulnois, claimed that there is a big gap in technology, as people struggle to programme a DVD player, let alone manage multiple passwords and logins.

Jim Fulton, vice president of marketing at DigitalPersona, said that strong authentication is generally used to achieve better security or compliance. He said that the company's aim is to bring strong security and authentication to the people who have not had that before.

“People have a right to claim services to which they are entitled and biometrics is the easiest way to exercise that right. It is often about saving and not security, but it has cut password reset calls from 800 to zero with one customer and enables a teller in a bank to help customers,” he said.

I asked if, like two-factor authentication, this technology is purely the realm of internal business rather than business-to-consumer? Fulton said that the use of software on employee facing applications was most common and it was not often consumer facing.

With laptops now becoming common hosts for biometric authentication, I asked if mobile devices could be the next device to be utilised for this? Fulton said that Motorola has the mass market in this area and he knows of other companies that are working on voice biometrics.

“I also expect to see face recognition come about. Apple's FaceTime has set the bar and it makes sense for them to extend it to biometric authentication. I have had some vendors talking about biometrics in remote controls and toys, there are many angles that are starting to come into play and security is one, but efficiency is another,” he said.

“Technology needs to adapt to people, not the other way around and biometrics is an extension of that. Passwords are an unnatural act.

“It is all about trying to help businesses know who you say you are and we are seeing early systems that offer an alternative to passwords. In time there will be a different variety of technologies, but it is about how strong you want the system to be and how much you want to impose on the user.”

It was suggested to me recently that authentication methods will allow a door to be opened and a desktop to be started up in the same action, but this would be a concern if that smartcard were to end up in the wrong hands. Such a theory may become reality, as the beginnings of Mission Impossible-style technology may not be far off.

close

Next Article in Security Cats Blog

SC Webcasts UK

Sign up to our newsletters

FOLLOW US