By Jim Fulton
As we surround ourselves with more and more electronic devices, the task of ensuring the security and privacy of digital assets becomes ever more important. Recent headlines on lost corporate data and the increase of compliance regulations requiring companies to secure access to data are giving organizations good reason to re-examine their security policies and procedures. Identity and access management have been at the forefront for some time now, with the weaknesses of traditional methods such as passwords, PINs and smart cards becoming more apparent. Biometrics are moving into the mainstream to solve these identity and authentication problems, but unfortunately, traditional methods still remain the most pervasive tools used to secure digital and corporate assets.
TRADITIONAL METHODS
The problem with passwords, PINs and smart cards for ID verification is that in order to remain secure, they rely on individuals using them correctly 100 percent of the time. Passwords, for example, are the most common method of authentication, but are vulnerable for a number of reasons. It has been shown that people regularly choose passwords which are very easy to guess. These will generally follow the same pattern and often are something personal such as a date of birth or the name of a family member or pet. Users will also use the same password for a number of different systems and applications. These practices counteract all of the recommended procedures which are intended to keep networks secure. Individuals are encouraged to use a variety of passwords for different systems and make their passwords more obscure, but even observing these guidelines can cause problems. By making passwords more complex, the chances of them being forgotten or written down dramatically increase. Writing down passwords, another common practice, presents an additional threat to security, and the increase in forgotten passwords becomes a drain on resources. It is estimated that 25-50 percent of help desk calls are for password resets, and each of these resets can cost between US$20-US$30.
Smart cards are no better than passwords, and suffer from the same fundamental flaws. Neither method can guarantee that the person accessing a network is legitimately authorized to do so. There is nothing to stop employees from sharing passwords and smart cards. A major concern is that if one's identity cannot be verified, there is less of an incentive for users to be accountable for their actions, thereby increasing the probability of an internal attack. The truth is that a potential attacker only needs one password or smart card in order to use other methods to gain access to data and systems. One password failure may be sufficient to compromise overall security on every system to which the user has access. It's a scary thought, but digital and corporate assets are only as secure as your least responsible user.
BIOMETRIC AUTHENTICATION
These weaknesses in current authentication methods have brought biometric authentication to the forefront as a realistic alternative. Biometric security, the measurement of a unique physical characteristic, is significantly more secure than other methods of authentication for one simple reason. It is not based on something you remember (a password), nor is it based on something you have in your possession (a smart card) - a biometric is based on something you are. A biometric cannot be guessed, shared, written down, forgotten or lost, and it ensures that authentication is not vulnerable to the fallibility of the person using it.
The added accountability which biometric authentication provides is especially useful in helping organizations comply with the increasing level of corporate governance and industry regulations. Biometrics provides irrefutable user-unique audit trails that can track which data has been accessed, when and by whom. Additionally, certain biometric solutions provide users with the capability to encrypt and decrypt data simply by touching a fingerprint reader.
Biometrics is also in use to prevent the loss of critical data in the mobile enterprise. Organizations across all industries from retail to healthcare to financial institutions have been victims of recent data loss as a result of lost or stolen digital assets. To combat this mobile workforce threat, biometrics are increasingly being used to secure access to digital assets. Fingerprint readers can be found in mobile devices including notebook computers, PDAs, mobile phones and even USB sticks.
FINGERPRINTS, PEOPLE'S FAVORITE
At present, fingerprint authentication is proving to be the most popular form of biometrics with many users believing it to be the most practical and efficient, as well as being the least intrusive of the biometric technologies. Fingerprints are instinctively easy to use, and simplify the rollout of otherwise difficult measures such as strong passwords, multi-factor authentication, and transaction-level security. Fingerprint authentication safeguards access to an enterprise's digital assets because it links individual people to specific actions. This technology has been successfully adopted in a diverse range of sectors including retail and finance. The retail industry has found fingerprint biometrics particularly useful for reducing shrink at the cash register due to theft and fraudulent voids or returns. In addition, using biometrics for time and attendance at point-of-sale terminals eliminates buddy punching (logging in for a colleague who is not present) and lollygagging (employees logging in but then wasting time before actually starting work). A number of financial institutions around the world have begun to adopt customer-facing biometric solutions. In Mexico, Banco Azteca is using fingerprint biometrics for much more than just identity verification. Banco Azteca uses fingerprint readers to biometrically register new customers allowing them to conveniently review balances, track transactions, withdraw cash, transfer funds and exchange currency. Internally, staff use fingerprint identification for time and attendance control, access to the bank vault and even to pay for meals at corporate restaurants.
THE GROWTH
With the proliferation of enterprises and vertical industries adopting biometric solutions, it's not surprising to find that the technology is spreading to the consumer side. There is a growing inclusion of fingerprint readers in computer notebooks. Twenty million notebooks with fingerprint readers were shipped in 2007, and an estimated 30 million will ship this year. Many experts believe that within two years every new notebook as well as a significant portion of keyboards used with desktop computers will contain a fingerprint reader.
Biometric authentication is recognized for providing unrivalled ease of use and increased security. In fact, according to the International Biometric Group (IBG), the market for biometrics is expected to more than double from US$3 billion in 2007 to US$7.4 billion by 2012. The implementation of a biometric solution is providing organizations with transaction-level security for better data-loss prevention and compliance, as well as significant savings by reducing help desk calls for forgotten passwords. As enterprises across multiple industries steadfastly adopt fingerprint biometrics, the road is being paved for mainstream adoption among consumers.
We can confidently predict that it is only a matter of time before placing your finger on a biometric reader will feel more natural than typing a password or PIN.
Jim Fulton is Vice President of DigitalPersona (www.digitalpersona.com).
©2007 www.SecurityWorldMag.com. All rights reserved.