Not a Catch-all

Not a Catch-all

Businesses are relying on biometrics for additional login processes

When used effectively, biometrics can contribute to safer cybersecurity practices. By moving beyond basic password-based authentication, the technology provides a much-needed, alternative layer of security that’s often more difficult for fraudsters to hack. Across the globe, businesses are relying on biometrics to bolster employee login processes, financial institutions are leveraging the technology to verify online purchases and consumer solutions such as Apple’s Touch ID are making daily smartphone usage more seamless and secure.

ABI Research estimates that the global biometrics market will reach more than $30 billion by 2021, which marks a 118 percent increase from 2015. Despite this growing enthusiasm, though, it’s a mistake for organizations to rely solely on biometrics to keep their networks and user data secure. While the technology can add an effective, additional layer of cybersecurity, it’s not a catch-all. In fact, the very nature of biometric technology can introduce additional security gaps.

Consider the following examples of key biometrics characteristics that can lead to serious cybersecurity weaknesses:

Unreliable facial recognition. While it can be used as an effective form of authentication, facial recognition is challenging to implement because it can lead to high false positive rates. For instance, if an individual is wearing sunglasses or a new pair of reading glasses their facial scan can get rejected. Also, it can be difficult for facial recognition machines to decipher between individuals who look similarly, whether it is two separate people who look alike or the same person who appears in different photos at varying ages or lighting.

Insecure fingerprints. With biometrics, fingerprints can be used in lieu of (or in addition to) passwords. Unlike with passwords, however, users aren’t trained to protect their fingerprints, and keep them a secret. As a result, they can be very easy for hackers to steal. In fact, one hacker famously beat Apple’s Touch ID technology just one day after its release by creating a copy of a fingerprint smudge left on an iPhone screen and using it to hack into the phone.

Significant user friction. Maintaining an effective balance between strong cybersecurity and frictionless usability is critical, but it’s not easy. It’s even more difficult when it comes to invasive authentication systems like biometrics, particularly if users are already happy with the level of security they get with passcode and/or two-factor authentication (2FA) systems. Biometrics require total user buy-in, and given the added layer of personal (i.e. physical) security involved, that can be difficult to maintain.

Perhaps the most worrisome aspect of biometrics, though, is that biometric-based authentication is irrevocable. A face, voice or fingerprint can’t be discarded and replaced like a password or a credit card; it’s permanently associated with a user. And just as passwords are occasionally used across multiple accounts and therefore constantly susceptible to attacks, there will always be insecure systems that can result in a leak of biometric credentials, rendering them useless for all other systems.

ABI Research estimates that the global biometrics market will reach more than $30 billion by A more effective approach to cybersecurity relies not on one technology, like biometrics, but instead on multiple technologies and forms of intelligence. By stitching together verified user data points such as location, payment details, websites visited, login credentials or typical transaction behavior to form “digital identities,” for example, organizations can better pinpoint and transact with legitimate users. ABI Research estimates that the global biometrics market will reach more than $30 billion by Because this collected user data is unique and impossible to fake, as it leverages the infinite number of connections users create when they transact online, organizations can securely deliver more seamless user experiences and thwart malicious hackers in real-time.

ABI Research estimates that the global biometrics market will reach more than $30 billion by Basic password systems, 2FA and biometrics alone are no longer enough. To compete with the increasing resources and skills of today’s determined hackers, organizations need to think bigger and implement real-time cybersecurity solutions that leverage existing user data to quickly and accurately authenticate trusted users and effectively assess risk, before it’s too late.

This article originally appeared in the May 2017 issue of Security Today.

About the Author

Alisdair Faulkner is the chief products officer at ThreatMetrix.

Featured

  • Evolving Cybersecurity Strategies: Uniting Human Risk Management and Security Awareness Training

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

  • Report: 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets

    CyCognito recently released new research highlighting critical security vulnerabilities across cloud-hosted assets, revealing that one in three easily exploitable vulnerabilities or misconfigurations are found on cloud assets. As organizations increasingly shift to multi-cloud strategies, the findings underscore significant security gaps that could provide attackers with potential footholds into networks. Read Now

  • Built for Today, Ready for Tomorrow

    Selecting the right VMS is critical for any organization that depends on video surveillance to ensure safety, security and operational efficiency. While many organizations focus on immediate needs such as budget and deployment size, let us review some of the long-term considerations that can significantly impact a VMS's utility and flexibility. Read Now

  • Paving the Way to Smart Buildings

    In today's rapidly evolving security landscape, the convergence of on-prem, edge and cloud technologies are critical. The physical security landscape is undergoing a profound transformation, driven by the rapid digitalization of buildings and the evolving needs of modern organizations. As the buildings sector pivots towards smart, AI and data-driven operations, the integration of both edge and cloud technology has become crucial. Read Now

  • The Cybersecurity Time Bomb

    If you work in physical security, you have probably seen it: a camera, access control system, or intrusion detection device installed years ago, humming along without a single update. It is a common scenario that security professionals have come to accept as "normal." But here is the reality: this mindset is actively putting organizations at risk. Read Now

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.