The Token-less Solution to Eradicating Passwords

The Token-less Solution to Eradicating Passwords

The Token-less Solution to Eradicating PasswordsIn light of the recent Target and Nordstrom security breaches – as well as dozens of others that have occurred in the past couple of years – companies have been scrambling to find the best security technology. Companies are exploring options from standalone iris-scanning devices and biometric tokens to implementing more complicated passwords as a barrier to entry. In a world where security measures are always changing, but to date, have failed to keep our identities safe, what is the best way to keep our personal material truly secure?

For many people, convenience is the most important aspect of any new technology. How can it make our lives a little bit easier? Can it help us to save a precious few minutes in our busy days? When companies develop new technology to maintain our privacy and security, though, convenience is often the first feature to be disregarded.

Luckily, we have reached a point in our technological advancements where security and convenience can coexist, and the reality is that it doesn’t involve another password, key fob, access card or username. The solution is what I like to call “token-less.”

To date, many companies have been relying heavily on the use of tokens as a means of identity assertion – need I remind you of what happened to RSA? These tokens are not only burdensome to the user – another thing to purchase, carry and try not to lose – but they are often also expensive at a corporate level. The omnipresence of these tokens is of concern, because they are repeatedly lost, stolen or hacked. It’s time that we learn our lesson.

Biometrics – The Pros and Cons

Today, there are two types of biometric identity assertion systems that exist for consumers: biometric tokens and integrated biometric platforms. Both methods acquire biometric information from the user, but the means of acquisition and level of security are where these two technologies differ.

Of the two, biometric tokens are the most problematic option for more reasons than the requirement of buying a new gadget and carrying an extra piece of hardware. Tokens can also be easily lost or stolen, creating an unnecessary inconvenience for the user. Once the biometric token is obtained by a hacker, it can be easily spoofed, and the user’s information is no longer secure. This, in turn, diminishes both the convenience and security for the user as a result.

So, what can we do to eradicate tokens? Studies from Ericsson and PayPal have shown that biometrics on smartphones are the preferred means of identity assertion. The main reason for this is the fact that we already carry with us all of the necessary hardware, making it the most convenient solution. The successful adoption of a product and continued support by consumers is always going to be centered on convenience. Users want their identities to be secure, but surprisingly, not at the cost of their convenience.

The Solution

The Token-less Solution to Eradicating PasswordsAt this year’s CES, Hoyos Labs introduced a solution to address this issue. This solution will enable consumers and corporate users to assert their identities securely, accurately and conveniently without additional hardware. Hoyos Labs’ HoyosID is a free app that utilizes smartphones as biometrics acquisition devices through using an app that runs on iPhones and Androids. Instead of using usernames and passwords, users can log-in with biometrics – including periocular, iris and facial – and their smartphones and nothing else.

When a user clicks on a webpage’s log-in, the HoyosID app is automatically opened on the smartphone. After acquiring iris biometrics, the app logs-in the user in under 30 seconds. If someone other than the authorized user tries to access the phone’s information, the HoyosID intrusion detection system blocks the attempt.

Unlike most hacks that we hear about on the news, which result in millions of consumers being breached at once, the HoyosID architecture forces hackers to first appropriate the smartphone and then attempt to hack one user at a time. For this reason, it is essential to have an end-to-end biometric solution that possesses a secure back-end, which is where biometric solutions that are hardware alone tend to fail.

By using iris and periocular biometrics, people can perform a variety of tasks on their smartphones including the ability to make financial transactions quickly, seamlessly and securely. These daily tasks that require us to log-in with a username and password often take up more time than we may realize, especially when we forget our log-in information. The eradication of these small inconveniences will add up to a lot more for the consumer, especially when the ease-of-use enhances security.

For those who wish for a day when biometric solutions are both secure and convenient that time has finally come. Identity assertion and authentication now successfully combine biometrics and smartphones, moving technological progress forward toward a future without passwords or tokens.

About the Author

Hector Hoyos is CEO of Hoyos Labs.

Featured

  • Choosing the Right Solution

    Today, there is a strong shift from on-prem installations to cloud or hybrid-cloud deployments. As reported in the 2024 Genetec State of Physical Security report, 66% of end users said they will move to managing or storing more physical security in the cloud over the next two years. Read Now

  • New Report Reveals Top Security Risks for U.S. Retail Chains

    Interface Systems, a provider of security, actionable insights, and purpose-built networks for multi-location businesses, has released its 2024 State of Remote Video Monitoring in Retail Chains report. The detailed study analyzed over 2 million monitoring requests across 4,156 retail locations in the United States from September 2023 to August 2024. Read Now

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

Featured Cybersecurity

Webinars

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3