Relying on passwords as the sole means of authentication is a serious problem. Passwords and similar outdated credential methods are blamed for 80% of hacking-related breaches, according to the latest figures from Verizon’s 2019 Data Breach Investigations Report (DBIR).
They are inadequate for today’s security needs.
Accelerating Digital Security Progress
Jason Tooley, Chief Revenue Officer at Veridium, explained that password protection was a solution adopted for processes that date back a quarter of a century and don’t fit the needs of today’s digital ecosystem.
As mobile devices with their access to digital transactions grew, so did fraudulent transactions, he explained. The challenge became reconciling the need for “digital engagement” with the need for a strong “authentication process” that makes it possible to reduce risk.
Until fairly recently, Tooley recounted, larger vendors, including Microsoft, declared that the death of the password was still a decade off. They didn’t believe that the technology needed for a password-free approach could be put in place any sooner than that.
However, the huge number of security breaches has made it obvious that we need to find more secure solutions now. “Weak passwords and SMS with one time passwords” pose too great a risk today, inviting entry through that weak link in the chain of security.
And attitudes have recently changed. Microsoft has shifted toward the position that “passwordless is feasible.”
Still, according to Tooley: “A lot of confusion persists.”
What does Biometrics mean?
Biometrics is a technological and scientific authentication method based on biology and used in information assurance (IA). Biometric identification authenticates secure entry, data or access via human biological information such as DNA or fingerprints.
There are a number of different types of biometrics available, each with its own pros and cons. The advantage of digital fingerprints, Tooley explained, is that “they can be compared with external database sources, which makes them very popular.”
While voice is being embraced for authentication over the phone, it carries some challenges because of interference from background noise. There are also challenges associated with using facial recognition because of problems with lights, etc.
There is yet another form of biometrics.
“Behavioral biometrics is getting a lot of interest from clients,” Tooley said. It draws on traits such as the way a person holds a phone: no two people hold their phones in exactly the same way, so the user’s unique grasp can serve as a biometric marker. Sensor technology combined with analytics can then use that identification information to ascertain with high accuracy whether the user is the authorized person.
Tooley also noted that whichever biometric marker one selects, the important thing is to use the right biometric technique for the right use scenario to build consumer confidence around using biometric authentication.
Accessibility Vs. Security
Those who use smartphones may already be using some form of biometrics for accessibility, but that is not the same as the use of biometrics for security, Tooley clarified. That’s because those forms of biometrics are in place to “make it simpler to access the services without verifying the identity of the individual.”
In those cases, the biometrics provide no greater barrier than passwords or PINs do. Consequently, Tooley added, the risks of phishing and other cyber breaches or fraud that exist in password use would not be eliminated.
Biometrics and Multi-Factor Authentication
When the goal is for biometric technology to enhance security, it has to be used in combination with other safeguards to achieve true multi-factor authentication (MFA).
The idea is that hacking into something becomes exponentially more difficult when more than one security feature is in place.
Tooley listed three features that should work together to achieve greater security without impairing the user experience.
- Possession of the device to initiate access to the digital service.
- Biometric authentication, whether in the form of a fingerprint, voiceprint, facial recognition, or even the distinctive way the individual holds the device.
- A layer of artificial intelligence that has the ability to understand data associated with the user’s location, behavior and relevant habits to be on alert if the action doesn’t fit with that.
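One way a server could evaluate the three layers listed above in a single decision, added here as an illustration and not code from Veridium or the article. The HMAC device key, the `ENROLLED` record, the rule-based context check and all function names are assumptions standing in for a device-bound credential and the analytics layer; the nonce is assumed to be issued fresh by the server for each attempt.

```python
import hashlib
import hmac

# Constructed enrolment record: a device key registered at enrolment plus the
# user's usual context (hypothetical fields standing in for a learned profile).
ENROLLED = {
    "alice": {"device_key": b"constructed-demo-key", "countries": {"GB"},
              "active_hours": range(7, 23)},
}

def sign_assertion(device_key, nonce, biometric_ok):
    """Device side: MAC the server nonce together with the local biometric result."""
    msg = nonce + (b"\x01" if biometric_ok else b"\x00")
    return hmac.new(device_key, msg, hashlib.sha256).digest()

def context_anomalies(profile, country, hour):
    """Rule-based stand-in for the analytics layer: count deviations from habit."""
    return int(country not in profile["countries"]) + int(hour not in profile["active_hours"])

def decide(user, nonce, biometric_ok, tag, country, hour):
    """Server side: return 'allow', 'step_up' or 'deny' for one login attempt."""
    profile = ENROLLED.get(user)
    if profile is None:
        return "deny"
    # Layer 1, possession: only the enrolled device can produce a valid MAC.
    expected = sign_assertion(profile["device_key"], nonce, biometric_ok)
    if not hmac.compare_digest(expected, tag):
        return "deny"
    # Layer 2, biometric: the claimed result is covered by the MAC, so it
    # cannot be flipped in transit; a failed match is rejected outright.
    if not biometric_ok:
        return "deny"
    # Layer 3, context: an unusual location or time asks for extra verification.
    return "allow" if context_anomalies(profile, country, hour) == 0 else "step_up"
```

Because the biometric result is bound to the device key and checked by the server, it acts as a security control rather than the convenience unlock described in the previous section.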
Of course, the need for security also has to be balanced against the demand for user convenience, and Tooley believes the triple-layer solution is the best way to strike that balance. He’s optimistic that adoption of MFA will lead not just to increased security but also “a great user experience and increased productivity.”
“That combination of possession, biometrics, and intelligence is the way to really strengthen identity in transactions,” Tooley declared.
“That’s where the market’s really moving towards.”