Biometric security gains momentum
WASHINGTON: With hackers seemingly running rampant online and millions of users compromised, efforts for stronger online identity protection — mainly using biometrics — are gaining momentum.
Biometrics, which can include fingerprints, iris scans, facial or voice recognition and other methods, got a major boost with Apple’s introduction of its iPhones with Touch ID.
Samsung followed with its own fingerprint scanner and Qualcomm recently unveiled its 3D fingerprint technology incorporated in the chips used in many mobile devices.
From major tech firms such as Google, Microsoft and Yahoo to US cybersecurity officials, consensus is growing that the simple password, often the weak link in security breaches, needs to be replaced.
“I would love to kill the password dead as a primary security method because it’s terrible,” White House cybersecurity coordinator Michael Daniel told a security forum last year.
Tens of millions of passwords have been stolen in breaches of major retailers and banks including Target, Home Depot and JPMorgan Chase. Password theft is a key element in identity theft, the biggest source of fraud complaints in the United States.
And a survey of large corporations using mobile commerce by RSA and TeleSign found around three percent of revenue lost due to fraud.
Biometrics are likely to be a major part of any new identity verification effort, says Ramesh Kesanupalli, vice president of the standard-setting Fast IDentity Online Alliance (FIDO) which now has over 170 members including makers of hardware, software and financial firms.
Kesanupalli said that even solutions that add verification on top of a password are not as robust as biometrics.
“If you don’t eliminate dependency on the password you’re not solving the problem, you are only treating the symptom,” Kesanupalli said.
He says fingerprint identification made major strides with the iPhone, and that other technologies such as facial recognition are still being improved.
Apple, in a “master stroke,” used a fingerprint ID on the home button which is already used to activate the phone, said Kesanupalli. That means consumers don’t need encouragement or special training to use it.
Additionally, e-commerce firms can piggyback onto the phone’s authentication to allow for a more secure transaction without passwords, Kesanupalli said.
And significantly, the Apple fingerprint is stored only on the device, so there is no database to be hacked.
Another important development was Microsoft’s announcement in February that it was joining FIDO and implementing new authentication methods in Windows 10 that will include biometrics.
“Moving the world away from passwords is an enormous task, and FIDO will succeed where others have failed,” said Microsoft program manager Dustin Ingalls.
International Data Corp. says some 15 percent of mobile devices will be accessed with biometrics in 2015, and the number will grow to 50 percent by 2020.
Yahoo, for one, is developing new security that will eliminate passwords, according to its chief information security officer Alex Stamos.
If you don’t eliminate dependency on the password you’re not solving the problem, you are only treating the symptom.