IT security teams are never in a fair fight: They must defend all possible entry points, while an attacker only needs to find and exploit one weakness or vulnerability to breach a network's defenses. This asymmetry highly favors attackers, particularly when it comes to networks and resources protected by inherently weak password-based authentication systems. As a result, many enterprises are moving to two-factor authentication because it makes credential abuse-based attacks less of a threat, as obtaining a valid password is no longer enough to gain access to a network or account.

However, two-factor authentication(2FA) schemes are only as secure as their weakest component. For example, hardware tokens depend on the security of the issuer or manufacturer; in 2011, security company RSA reported that its SecurID authentication tokens had been hacked. SMS-based 2FA has also been found to be vulnerable to a number of attacks, and the National Institute of Standards and Technology now recommends that it should no longer be used in 2FA tools.

The whys of biometric authentication methods

The presence of high-quality cameras, microphones, and fingerprint readers in modern devices is making biometric authentication methods and tools a viable option in 2FA. They offer frictionless authentication, and people are becoming familiar with using their fingerprint, voice or face to unlock computers and mobile devices; 16- to 24-year-olds actually feel more confident in the security of biometric authentication methods than PINs and passwords. Cars are also coming equipped with cameras and image sensors. Various manufacturers are already working on using facial recognition to replace the traditional car key.

Several banks have introduced voice recognition-- a behavioral biometric as opposed to a physiological one like a fingerprint -- to offer a quick and easy way for customers to identify themselves. The technology can filter out background noise, detect voice recordings and is not confused by temporary changes to a voice caused by a blocked nose or sore throat. Voiceprints are made up of over 100 unique characteristics, such as pronunciation, emphasis, speed, accent and the influences of physical elements of a person's mouth and throat -- like the length of the vocal tract and the shape and size of the mouth and nasal passage.

A big advantage of behavioral biometrics is that the identifiers can be discreetly monitored in real time to provide continuous authentication, instead of a single one-off authentication check during login. By monitoring behaviors such as typing rhythm, mouse movements, voice, gait and gestures to see if anything looks suspicious, an attacker is put in the position where one mistake will give their presence away, completely reversing the asymmetric relationship between defender and attacker. It's similar to antifraud systems that compare a card purchase against previous spending patterns.

Advantages of biometric authentication methods

Because they eliminate the need to remember dozens of different passwords for different digital services, biometric authentication methods do generally improve the user experience. British multinational bank Barclays has said the time taken to verify customers' identities has fallen from 90 seconds to less than 10. Voice may well become the most common form of customer authentication, as voice command-based user interfaces make more sense than touch interfaces in many situations.

Biometrics and beyond: Online authentication techniques get personal

Yet like any form of authentication, overall security depends on how well these systems are implemented. Biometric behaviors are shaped by social and psychological factors that make them unique, but it's not impossible to fool a biometric check. An HSBC customer's twin brother managed to access his bank account when the system let him repeatedly attempt to mimic his voice. Biometric authentication may be the answer, but implementation is everything.

Learn more: education@dcstopeka.com

Dynamic Computer Solutions of Topeka, Inc. 2214 SW 10th Avenue, Topeka KS 66604 Phone: 785-354-7000  -  E-Mail:  info@dcstopeka.com http://www.dcstopeka.com/