Not a Catch-all

Not a Catch-all

Businesses are relying on biometrics for additional login processes

When used effectively, biometrics can contribute to safer cybersecurity practices. By moving beyond basic password-based authentication, the technology provides a much-needed, alternative layer of security that’s often more difficult for fraudsters to hack. Across the globe, businesses are relying on biometrics to bolster employee login processes, financial institutions are leveraging the technology to verify online purchases and consumer solutions such as Apple’s Touch ID are making daily smartphone usage more seamless and secure.

ABI Research estimates that the global biometrics market will reach more than $30 billion by 2021, which marks a 118 percent increase from 2015. Despite this growing enthusiasm, though, it’s a mistake for organizations to rely solely on biometrics to keep their networks and user data secure. While the technology can add an effective, additional layer of cybersecurity, it’s not a catch-all. In fact, the very nature of biometric technology can introduce additional security gaps.

Consider the following examples of key biometrics characteristics that can lead to serious cybersecurity weaknesses:

Unreliable facial recognition. While it can be used as an effective form of authentication, facial recognition is challenging to implement because it can lead to high false positive rates. For instance, if an individual is wearing sunglasses or a new pair of reading glasses their facial scan can get rejected. Also, it can be difficult for facial recognition machines to decipher between individuals who look similarly, whether it is two separate people who look alike or the same person who appears in different photos at varying ages or lighting.

Insecure fingerprints. With biometrics, fingerprints can be used in lieu of (or in addition to) passwords. Unlike with passwords, however, users aren’t trained to protect their fingerprints, and keep them a secret. As a result, they can be very easy for hackers to steal. In fact, one hacker famously beat Apple’s Touch ID technology just one day after its release by creating a copy of a fingerprint smudge left on an iPhone screen and using it to hack into the phone.

Significant user friction. Maintaining an effective balance between strong cybersecurity and frictionless usability is critical, but it’s not easy. It’s even more difficult when it comes to invasive authentication systems like biometrics, particularly if users are already happy with the level of security they get with passcode and/or two-factor authentication (2FA) systems. Biometrics require total user buy-in, and given the added layer of personal (i.e. physical) security involved, that can be difficult to maintain.

Perhaps the most worrisome aspect of biometrics, though, is that biometric-based authentication is irrevocable. A face, voice or fingerprint can’t be discarded and replaced like a password or a credit card; it’s permanently associated with a user. And just as passwords are occasionally used across multiple accounts and therefore constantly susceptible to attacks, there will always be insecure systems that can result in a leak of biometric credentials, rendering them useless for all other systems.

ABI Research estimates that the global biometrics market will reach more than $30 billion by A more effective approach to cybersecurity relies not on one technology, like biometrics, but instead on multiple technologies and forms of intelligence. By stitching together verified user data points such as location, payment details, websites visited, login credentials or typical transaction behavior to form “digital identities,” for example, organizations can better pinpoint and transact with legitimate users. ABI Research estimates that the global biometrics market will reach more than $30 billion by Because this collected user data is unique and impossible to fake, as it leverages the infinite number of connections users create when they transact online, organizations can securely deliver more seamless user experiences and thwart malicious hackers in real-time.

ABI Research estimates that the global biometrics market will reach more than $30 billion by Basic password systems, 2FA and biometrics alone are no longer enough. To compete with the increasing resources and skills of today’s determined hackers, organizations need to think bigger and implement real-time cybersecurity solutions that leverage existing user data to quickly and accurately authenticate trusted users and effectively assess risk, before it’s too late.

This article originally appeared in the May 2017 issue of Security Today.

About the Author

Alisdair Faulkner is the chief products officer at ThreatMetrix.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Featured Cybersecurity

Webinars

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3