Authentication in the modern enterprise is becoming more difficult. The risks are rising, but additional security controls can impede workers and are difficult to integrate into legacy systems. Biometrics may be a better path to improve security while not adversely impacting the user experience. But there are risks; biometric systems are not without vulnerabilities themselves.
ABI Research has recently published an infographic showing a comprehensive view of biometric system vulnerabilities, as well as a whitepaper covering recommendations for enterprise environments.
The traditional username-password method is entrenched in most businesses, but in desperate need of improvement. The reliance on passwords to gain access to devices, networks, and data is proving to be weaker as attackers are getting better at undermining them. Passwords can be hacked or socially engineered, and they are a major source of vulnerabilities. Once compromised, they open a vast number of doors for attackers.
Passwords alone are simply not good enough. Users as well as system administrators find them difficult to manage. Changing the status quo is difficult, as the majority of business processes are built to support passwords and workers are typically averse to new security practices.
Biometrics have been in use for some time in limited ways. Considerable advances have prepared the technologies to meet some of the challenges to broader adoption. These steps have created very complex ecosystems to satisfy a variety of demands. But like any technical authentication system, there are potential vulnerabilities at every step. The key to improved biometrics security may be to simplify the technology to lessen the number of vulnerable points of attack. Cost, user experience, and risk aspects must be recognized and proactively addressed for any additional controls.
Multifactor authentication reduces the risk of compromise because it does not suffer from the reliance on just one method to grant access. Attackers must compromise at least two controls. The downside is that by adding additional factors, multifactor authentication can undermine the user experience to the point of affecting productivity and acceptability. Having biometrics satisfy one of the factors in multifactor authentication holds the potential for reducing the friction users must endure, while improving the overall security of the system.
Automating the awareness of users can make authentication a seamless experience. We always carry our biometrics with us. There’s nothing to forget, lose, or break. Advanced technology can make the process even easier, such as tracking a user’s face while at work. A system can be aware so that when the user walks away the machine will lock the screen. Conversely, when the user returns, the system can recognize the face and automatically unlock the system. Such an experience is beneficial to the user while keeping the device safer.
Nobody wants to spend money on identity security. Yet there is a plethora of peripherals and secondary devices that enterprises purchase, maintain, manage, and service. Fingerprint scanners, hardware card readers, and digital USB keys are popular but incur additional costs and frustrate users who have to carry the gadgets and cables. What if devices themselves had integrated and trusted components that could do the authentication work? Specialized cameras, microphones, fingerprint scanners, and electronics to securely match the profiles on the machine may be the path forward. Hardware that is optimized and secured, supplanting the need for users to deal with secondary peripherals, could lower the overall total cost of ownership for enterprises.
Is biometrics the answer? It is certainly one answer that is growing in popularity with organizations seeking better security, employee productivity, and paths to reduce costs.
Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.