In a previous post we explained why security experts recommend the use of multifactor authentication to reduce the risk of a security breach. Multifactor authentication uses two or more independent credentials to verify a user’s identity before allowing that user to access a network. This security measure helps to overcome sloppy password practices. Most people continue to ignore recommendations to make usernames and passwords complicated, avoid using the same password for multiple sites, and change passwords frequently.
In fact, a recent survey from Gigya found that more than two-thirds (68 percent) of respondents won’t create an account if a website has complex password requirements. To be fair, it’s not exactly realistic to expect people to keep track of all their usernames and passwords. This explains why more than half (52 percent) of respondents to a PYMNTS.com survey would prefer biometrics for authentication rather than passwords. According to the Gigya study, eight in 10 respondents also believe biometrics are safer than passwords.
Biometrics, primarily used for user authentication and access controls, is the measurement and analysis of a person’s biological traits and behaviors. While millions of people may use “123456” as a password, no two people have the exact same physical characteristics. Visual biometrics include the identification of fingerprints, eyes, ears, all facial features, or even vein patterns. Chemical biometrics typically involve DNA identification, while olfactory biometrics identify users based on smell.
Similarly, no two people exhibit the exact same behaviors. Behavioral biometrics are capable of identifying a user based upon their typing rhythm, gate, voice, gestures and handwriting. For example, algorithms are capable of learning a person’s typing habits and detecting unusual patterns or anomalies. All users have to do is be themselves.
Rather than using a username and password as a one-time authentication step, biometric identifiers can deliver ongoing authentication. For example, if someone walks away from a computer or mobile device while logged into an account, biometrics would detect the use of that device by another user. Multimodal biometrics uses multiple biometric technologies instead of one, making the system more reliable and less prone to fraud than systems that identify a single characteristic.
Despite the upgrade that biometrics represents over passwords, there are limitations. Records of biometrics such as fingerprints exist in a number of databases. If one biometrics characteristic is compromised, it could put personal or corporate data from other sources at risk. Also, most biometric data is not only personally identifiable, but permanent. As such, simply using biometric data can be risky. You can change a compromised password or account number, but you can’t change a compromised fingerprint. However, these limitations should not stop you from using biometrics as part of a multifactor authentication scheme as long as biometric data is encrypted and securely stored.
Don’t let weak and redundant passwords put your company’s data at risk, and don’t let overly complex password requirements frustrate users. Let Atlantic-IT.net, your outsourced IT department, help you implement biometrics in a way that improves security and makes life easier for users.