Delfigo Security - Strong Authentication

  • Increase font size
  • Default font size
  • Decrease font size
Home Strong Authentication
Strong Authentication

Do You Trust Apple's Touch ID?

Do you trust Apple's Touch ID?

Click here for a poll where readers are asked to state whether they "trust" the Touch ID feature which is is available on the latest iPhones and iPads. With the release of iOS 8, the Touch ID APIs were made available for developers, meaning that the use of Touch ID will be possible in apps, not just on Apple's devices. However, users are still hesitant, as recent news of high profile breaches are bringing to light how easy it can be to get user data and use it for nefarious purposes. One of the dangers of fingerprint and other similar biometric technologies is that they cannot be changed - and can be permanently compromised. Still, where many users seem to be hesitant even as Touch ID is presented as a more secure alternative to a traditional password or PIN, many others are ready to embrace new authentication technologies.

 

Are We Ready for the Biometrics Revolution?

Biometrics are poised to become a widely accepted way to secure devices and applications, and in many cases to replace "traditional" authentication methods such as passwords and tokens. The Washington Post discussed this "biometric revolution" and asked whether we are really ready for the paradigm shift it will bring.

As we collectively adopt this new technology, it is crucial to remember how it differs from what we are accustomed to in terms of it not being "something we know" (like a password or PIN) or "something we have" (such as a token, smart card, QR code...). Biometrics by their nature are something we "are", which makes them perfect for authenticating the user's identity, but challenging to manage and maintain as both a provider and as a user. As a user, I can't "reset" my fingerprint (without some serious effort), and once it's compromised, that's it. New technologies will be needed to handle the issues biometric authentication introduces, and perhaps as importantly, new discussions on how it should be used will be needed. This includes a critical discussion related to privacy and identity, once users start authenticating with something they "are".

 

Are Biometrics Cool Again?

The Atlantic says biometrics can be cool again.

Citing a Google study that explores use of voice searches, two of the most common answers to the question "Why do we use voice search" were "it's cool" and "it's safer". 89% of teens and 85% of adults also said "it's the future".

With highly visible security breaches happening alongside the release of new technology to enable us to do more and more with our devices, many organizations are embracing the idea that biometrics may well be a real answer to the tough question of how to secure the many things we want to be able to do with our phones, tablets and laptops. If biometrics can be used to successfully lessen the risk associated with using apps we love, and can improve our experience while we use them, that would definitely be...Cool.

 

Is a Combination of Authentication Methods the Right Approach?

It seems that we're always recovering from, or hearing about, the latest security breach or vulnerability. This week it was Home Depot, who announced that they have "have completed a major payment security project that provides enhanced encryption of payment card data at point of sale in our U.S. stores, offering significant new protection for customers. The rollout of enhanced encryption to Canadian stores will be completed by early 2015. Canadian stores are already enabled with EMV “Chip and PIN” technology".

One of the most powerful elements of EMV is the fact that it combines authentication methods to strengthen the security of a transaction. Passwords themselves have taken a beating as a standalone authentication method, with many organizations choosing to deploy second or multi factor authentication, and some choosing to forgo passwords all together. Biometrics are emerging as an answer to the "Password Problem", offering a unique credential that represents something the user "is" instead of something they "know" (which can be discovered, and reused by a bad actor), but each method has its drawbacks. This article discusses the good and bad of each method, and  argues that a secure transaction may well require multiple methods at once to be optimally secure.

This idea is a compelling one, especially if the combined solution can offer an elegantly simple end user experience. Biometrics may be an ideal "enhancement" for authentication precisely because of what they are - something the user "is" (nothing to remember, receive, carry, or otherwise maintain). As we continue to discuss how to enhance security, the conversation will likely become one of the best combination of methods, instead of any one method, for security.

 

Are Biometrics Having a Moment, or Are We Waking Up to Their Value?

One of the big announcements Apple made this week along with it's latest iPhone release and its new smart watch was a mobile payments platform which combines existing Apple features, support from major banks and retailers, and Apple's fingerprint authentication. Is this an indicator that biometrics are finally reaching a place of widespread acceptance?

One of the major roadblocks when it comes to universal acceptance and widespread adoption of biometric technologies has traditionally been the costs associated with distributing, maintaining, and collecting the technology and data required to perform biometric identification. With built in software and hardware, the Apple has met this challenge head on by integrating biometric authentication into an extremely popular device and baking it into software that performs a critical function. This is a huge step forward for biometric technology on the path to ubiquity.

iPhones aside, where are we, really? "...there is no blanket acceptance of all biometrics – users have a preference for which types are used and how they are used. One study found the most acceptable application of biometrics was for passports (75%) or ID verification (53%) in official contexts, with credit card verification around 56%. Users were most accepting of fingerprint, hand, voice and keystroke/signature recognition (over 90%), with one third considering iris and retina recognition as potentially risky to their health" says this article discussing the rise of biometrics. Increasing awareness of biometric technologies, combined with an increasing collective acknowledgement of the danger of fraud in our everyday lives will push adoption forward.

The key could well be identifying the best use cases possible, where biometric authentication enhances, instead of detracts, from user experience. Apple realizes that mobile is one such use case, and that payments is an area where authentication is both required, and in need of an overhaul. Biometrics as an elegant solution to a real problem is a significant step forward for the industry and the space. It won't be long before adoption becomes more widespread, with Gartner predicting that 30% or more of users with devices connected to enterprise networks will be using biometric authentication by 2016.

 


Page 2 of 12