Passwords have become real problems for system users and security experts. Recent studies demonstrate that the majority of system intrusions are due to password compromises as most users apply poor password management practices.
Many of us access a multitude of accounts with a single password because we are tired of forgetting or resetting passwords. To make things worse, we sometimes let the system save our passwords, which adds to our security problems because anyone with access to the computer, including the cleaning crew and other visitors, can then access our accounts. Plus, many of us either choose simple passwords or write them down to remember them later. When we use the same password for multiple accounts, we expand our risk: if that password is stolen, hackers can access more of our accounts with just one password.
As you see, passwords can cause problems if they are not handled properly and we need to consider other solutions. In fact, Verizon’s security report stated that the number of data breaches involving stolen or weak passwords has gone from 50% to 81% during the past three years. This alarming trend clearly illustrates that today’s security isn’t working.
Before we move forward, let’s recap the three common factors used for authentication:
- Something we know (such as a password)
- Something we have (such as a smart card)
- Something we are (such as a fingerprint or other biometric method)
Biometric Authentication Solutions
To solve the password security problem, the industry is introducing new solutions such as biometric authentication and multi-factor authentication. With multi-factor or dual-factor authentication, the problem remains the same if one of the factors happens to be, you guessed it right, a password. It is often said that the weakest link in an organization’s security is its people. Here, we emphasize that the weakest link in the multi-factor authentication process is the password if it happens to be one of the authentication factors.
Biometric Authentication Benefits
The use of biometrics for authentication allows the system to identify and permit people into the system through their physical features. Typically, a biometric system scans and records your distinct features and saves them in a database, then uses the data to identify you later. Today there are various biometric identification methods, including voice, iris and retina, facial, gait, fingerprints, and vein detection. The advantages of using biometric authentication include:
- No need to remember passwords to gain access
- The authentication mechanism is strong since it is hard to replicate biological features
- It is non-transferable to other persons
Biometric Authentication Statistics
According to a report published by Spiceworks, nearly 90 percent of businesses will soon use some type of biometric technology for authentication. In fact, some 62 percent of companies already use biometrics in some form, with another 24 percent stating their intention to do so within the next few years.
Here is the breakdown:
- 57 percent of companies using biometric authentication use fingerprint scanners
- 14 percent use facial recognition
- Five percent make use of hand geometry recognition
- Three percent use iris scanners
- Two percent use voice recognition
- Two percent use palm-vein recognition
Biometric Authentication Challenges
While biometric solutions have many advantages, they also present two major challenges that must be considered:
Privacy and Data Breach
Biological characteristics are unique and nearly impossible to replicate, making biometrics a secure access solution. Passwords, on the other hand, can be shared and easily stolen by hackers because “people” manage their passwords.
Biometrics poses a privacy challenge since the key features used for recognition are exposed to the world. For example, others can record your voice, use your image without consent in facial recognition, or copy your fingerprints from the surface of an object you have held.
If an identity management system is compromised, hackers can leak or steal your biometric data. Since your biometric information is irreplaceable, malicious people can perpetrate criminal activities for as long as they possess your data.
Biometric equipment is subject to two common types of error, measured by the False Acceptance Rate (FAR) and the False Rejection Rate (FRR). FAR is the likelihood that the system will accept an unauthorized person, while FRR is the likelihood that the system will reject an attempt by an authorized user.
Biometric technology works on the theory that authorized users produce a higher pattern score than imposters, who are denied access accordingly. It implies that as the FAR declines, the FRR rises, and vice versa. Should an imposter’s score exceed the minimum identification threshold, access is authorized. The reverse is also true: if an authorized user scores below that threshold, no permission is granted.
These errors can occur due to age, climate changes, or physical conditions. They can bring challenges to the entire system and lead to devastating consequences.
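The threshold trade-off described above, worked through on constructed match scores (an added example, not part of the original article; the 0-100 score scale, the sample values and the function names are assumptions):

```python
# Constructed match scores (0-100); higher means a closer match to the enrolled template.
GENUINE = [91, 88, 84, 79, 77, 73, 70, 66, 61, 52]    # attempts by authorized users
IMPOSTOR = [12, 18, 25, 31, 36, 42, 47, 55, 63, 68]   # attempts by unauthorized people


def far(threshold, impostor=IMPOSTOR):
    """False Acceptance Rate: share of impostor attempts scoring at or above the threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE):
    """False Rejection Rate: share of genuine attempts scoring below the threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def sweep(thresholds):
    """Return (threshold, FAR, FRR) for every candidate threshold."""
    return [(t, far(t), frr(t)) for t in thresholds]


def equal_error_point(thresholds):
    """Threshold where FAR and FRR are closest; ties go to the lowest threshold."""
    return min(sweep(thresholds), key=lambda row: (abs(row[1] - row[2]), row[0]))


def strictest_threshold_within_frr(thresholds, max_frr):
    """Highest threshold (lowest FAR) that keeps FRR within the usability budget."""
    ok = [row for row in sweep(thresholds) if row[2] <= max_frr]
    return max(ok, key=lambda row: row[0]) if ok else None


if __name__ == "__main__":
    print("threshold  FAR   FRR")
    for t, a, r in sweep(range(40, 91, 10)):
        print(f"{t:9d}  {a:.1f}   {r:.1f}")
    print("equal error point:", equal_error_point(range(0, 101)))
    print("strictest threshold with FRR <= 10%:",
          strictest_threshold_within_frr(range(0, 101), 0.1))
```

On this sample, raising the threshold from 40 to 70 drives the FAR from 50% to 0% while the FRR climbs from 0% to 30%, which is why the threshold has to be chosen against both a security target and a usability budget.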
The good news with biometric authentication is that system users don’t have to remember or write down any password or secret information. In fact, users can access any system seamlessly by presenting the required biometrics which are unique and measurable physical characteristics such as face, hand, or fingerprint.
According to Henry Bagdasarian, “the portability of biometric authentication may present more problems than passwords because if our physical characteristic data is stolen to recreate the authentication object whether it’s our face or hand, then all of our accounts with biometric access control are at risk”. You might argue that a single password which we use to access multiple accounts can also be stolen to access our accounts. However, while a stolen password can be reset, a physical feature cannot, unless the security industry can guarantee that our biometric data can never be stolen to recreate the authentication object. “From a security limitation standpoint, someone can always threaten us to access our account with our fingerprint but the same weapon can also be used to force us to enter a password or PIN which is something the industry cannot do anything about unless advanced authentication systems can sense human fear”. While the portability of biometric authentication is natural and accepted, the portability of a password used to access multiple accounts is not. This is because we now know that passwords cause most security problems, while biometric authentication is new and untested.
Other authentication models that the security industry is contemplating and using include knowledge-based and adaptive authentication. There is no doubt that the death of the password as a single authentication factor is near, but we hope that adaptive or other authentication methods do not include passwords, and that new solutions such as biometric authentication improve the security landscape rather than make it worse.
We cannot separate a person from their biometrics. Thus, biometric solution providers need to invest heavily in systems security to curb the challenge of privacy and data breach. Adoption of new security measures and technologies can help the industry stay ahead of fraud advancements.
Error rates in biometric systems exist and must be addressed. It is possible to reduce them through proper examination and evaluation of data quality.
In the wake of increased cybercrimes, companies need to safeguard their systems and data at all costs. We cannot downplay the value of biometrics in protecting our data. However, due to the challenges facing the technology, using a multifactor authentication technique will help strengthen the security of your systems.