With technology infiltrating every aspect of modern living and our world becoming increasingly digitized, protecting confidential information becomes all the more difficult. Passwords and keys were once considered sufficient to provide data security but now they look increasingly feeble in the face of sophisticated hacker attacks. In fact, passwords are the weakest link in an organization’s security system. This is because they are shareable and even those with strong entropy can be cracked by a variety of methods. The recent reports of network security breaches and identity thefts further affirm the fact that a strong authentication method is the need of today’s time. This has put the focus on biometric security as it is the only effective way to prove an individual’s identity. Biometric traits are inherent and unique to each individual and comprise physical and behavioral characteristics such as fingerprints, face, iris, gait, voice etc. Therefore biometric security systems can verify an individual’s identity with utmost accuracy and reliability since biometric traits are part of the individual’s being.
What are the factors contributing to the rising importance of biometric security in today’s world?
The number of devices and platforms getting connected to the Internet of Things is increasing every day at an exponential rate. There are a plethora of devices such as smartphones, tablets, sensors, cloud-based services etc. sending and receiving information continuously. There is a need to keep this data out of the hands of unauthorized individuals but passwords are cumbersome and sometimes consumers use the same password for multiple devices. This makes them more vulnerable to hacking because the possibility of human error cannot be ruled out. To simply rely on passwords for authentication is very risky because they can be easily stolen, cracked or copied. Nowadays, our homes, gadgets, cars, personal computers and business servers are all hooked up to the Internet of Things and involves a lot of sensitive information sharing. Therefore, it is evident that a robust and better form of security is required to safeguard devices and sensitive data.
A two-factor authentication that uses a combination of password and token is also not sufficient to achieve the required level of security. Firstly, there is still a reliance on passwords and people tend to use common phrases or birthdays as their passwords to simplify the process of entering password information repeatedly. Secondly, in two-factor authentication users enter their password and then plug a hardware token into a device for entering an additional code. Hence this process not only takes a lot of time but if a token gets stolen then the intruder can use it to access all sensitive information. The result is that the level of security is not enough for personal computers as well as for corporate networks.
Biometric security systems can succeed where passwords and tokens have failed. It fits perfectly in this context because it is less susceptible to hacking and also cannot be replicated or stolen. Moreover it provides a lot of convenience to users by completely eliminating the need of typing in a password repeatedly into each device. Fingerprint biometrics has already made its way into smart phones and laptops for authentication. The introduction of Apple’s Touch ID has made consumers already familiar with on-device biometrics and its success has prompted other smartphone manufacturers also to integrate fingerprint biometrics in their devices.
Organizations today are realizing the advantages of using biometric security devices for protecting work computers, server rooms as well as other business assets. In a corporate environment, it is of utmost importance that unauthorized individuals are not allowed to access secure systems and networks. Moreover, due to compliance reasons it is necessary to ensure that workflow processes are followed correctly and only certain employees have access to specific files. Passwords would not be a good choice as they can be shared among co-workers. Instead, companies can use fingerprint biometrics to regulate access to a computer or server room as it will only allow the person with a positive fingerprint match.
Biometric represents the future of electronic security systems and more companies and institutions are embracing it. Windows 10 operating system has also incorporated the use of a biometric security platform. In addition to enabling authentication of authorized users this feature will also make the Windows logging process much more convenient and reliable. It should be mentioned that technology companies are not the only ones opting for biometric security. Even Yankee Stadium has joined the biometrics bandwagon with the announcement of its new hand print scanner known as Fast Access. The users will have to register beforehand and they will be able to pass through security lines much faster than earlier.
This service is also being used in airports and other stadiums across the United States. For example, biometric security systems have produced millions of verification at San Francisco International airport (SFO) since 1991. The use of biometric security devices at SFO is fully integrated into the primary access control system and spans the entire airport. It secures more than 180 doors and verifies the identity of more than 18,000 employees.
As the world gets more interconnected, there will be a need to protect more devices from security breaches in the future. Law enforcement, government agencies and banks have already migrated to biometric systems for data protection. Therefore, it is extremely likely that more organizations will follow suit in the coming years.
What are the pros and cons of biometric security?
Companies that use biometric security can gain a lot of advantages. The identification provided by biometric technologies is extremely accurate and hence guarantees secure access to sensitive information. Modalities such as fingerprints, iris and retinal scans produce absolutely unique data sets when captured properly. Once the user is enrolled into the biometric system, automated identification can be done quickly and uniformly with very minimal training. Fingerprint biometrics is a very economical user authentication technique due to its familiarity and wide availability of fingerprint devices. It takes very less time for user enrollment and verification. Moreover the storage space required to store the template is small thereby reducing the size of the required database memory.
Biometric modalities are also extremely hard to fake. These are unique to each individual and remain relatively stable throughout a person’s life. Employees in organizations will like the convenience and high level of protection that biometrics provides to their computers and files. They will be relieved from the burden of entering complex passwords or changing it frequently for security reasons. The time that was earlier needed to reset forgotten passwords can now be spent on important projects. Unlike passwords, biometric traits are non-transferable and less time consuming. The average identification time is less than 5 seconds. Other advantages include accountability and strong authentication. An individual cannot deny having taken an action as the biometric identifier is part of his or her being and virtually impossible to duplicate.
Although biometric security systems can mitigate the problems associated with the use of passwords, tokens and smart cards, these systems themselves are somewhat susceptible to spoof and link-ability attacks. For example, a fake finger created with gelatin and a plastic mold can be used to fool fingerprint recognition devices. Link-ability attacks refer to the linking of users across applications based on their biometric data.
Let us look at some of the challenges that are currently faced by biometrics security. As connectivity grows, people have concerns about the collecting and sharing of their biometric data. It is therefore in the industry’s best interest to address these privacy concerns by educating the people on how biometric technologies work. Otherwise there can be negative consequences such as the passing of Florida Senate Bill 188 that banned the collection of student biometrics throughout the state. This bill was a case of overreaction and misunderstanding regarding how biometrics could be used, how it was stored and what would happen if it gets compromised. As the public begins to encounter biometric technology that is built into consumer devices, it is essential that they understand the basic security and identity principles.
Another major challenge is the process by which the biometric trait is captured and mapped to an identity. Factors such as lack of accuracy in capturing or partial capture of data and binding can lead to failure of the system. One of the pressing challenges is also to protect the public by preventing the abuse of biometric technology. To accomplish this objective, policies and standards need to be established and that will help the application of biometrics to many emerging technologies such as Internet of Things, banking, fraud protection and connected cars. Providing adequate liveness detection in both online and remote authentication scenarios is a huge tool to fight hacker’s attempts and is important to maintain user’s trust and peace of mind when using biometric systems.
Biometric security is definitely a breakthrough in authentication systems and is becoming more prevalent and sophisticated with the technological advancements. But these systems also have their pros and cons. A solution would be to combine biometrics with multi-factor authentication leading to even a stronger security system.
If we are looking for reliable, positive and irrefutable identification biometric systems are the only strong contender. A pervasive and accountable use of biometric technology will help to combat the rising fraud in our society and also help to establish the identity of geographically mobile individuals. Biometric security systems will continue to gain attention as organizations and individuals alike look for safer authentication methods of user access, e-commerce and various other security applications.