Shall we give cybercriminals a finger?

05 May 2018 01:42 PM By Trevor

Passwords and PIN codes are not enough to protect us from cyber attacks. Multi-factor authentication (which can include fingerprint recognition) is recommended at all four levels of the Australian Signals Directorate's maturity scale for implementing strategies to mitigate the impacts of cybersecurity incidents.

Multi-factor authentication helps thwart user account takeovers and better secure the organisation.

In a modern-day application of the Pareto principle, and quite independently of the ASD, Verizon recommends that all organisations in the finance and information services industries spend 10 to 20% of their cybersecurity budget on second-factor authentication to prevent up to 80% of the security breaches that occurred in 2017. (The average cost of a data breach in 2017 was US$3.62 million, according to research by IBM.) Verizon also found that, across all industry sectors, 81% of hacking-related breaches leveraged stolen and/or weak passwords.

Compliance also drives adoption of multi-factor authentication. Security policies governing access to sensitive applications or data increasingly require strong authentication, often via a biometric device.

There are four main biometric authentication methods, or physiological modalities: fingerprint, facial, iris and voice authentication. Vendors offer several different ways of providing two-factor authentication, either at application login or for secondary signing. From our observations, organisations in Australia are most comfortable with fingerprint recognition when a person is called on to perform a “secondary signing”. (Paradoxically, the same people are often uncomfortable with fingerprint recognition for primary authentication to their desktop, but that is a completely different topic.)

Did you know that many biometric systems are inherently imprecise? Biometric authentication systems typically operate on a range of acceptable values: when you establish your biometric credentials you must record them several times, and from those samples the system derives the range it will accept. Specific to fingerprint recognition, 90 to 95% of the population must re-establish their fingerprint credentials every two years to reset the acceptable range.

For long-term precise biometrics, DNA sequence matching provides a near-exact match, and palm vein matching is reliable throughout a person’s 18 to 70 age range. But who would provide a blood or saliva sample to use a computer? (Some computers and applications I have had to use seem to demand blood to achieve results!)

The FIDO Alliance helps drive open authentication standards, with benefits such as easing an end-user’s privacy fears by enforcing a rule that facial images and finger and palm impressions must never leave the mobile device to be stored on a server somewhere.
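As an added example (not code from this post or from Identity Solutions), the Go program below sketches the two points above: enrolment keeps only the range spanned by several readings, and in a FIDO-style login the template and private key stay on the device while the server holds nothing but a public key and checks a signature over a fresh challenge. The scalar match scores and the simple range check are a constructed simplification of real fingerprint matching; the key pair, challenge size and type names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"math"
)

// Template is the acceptable range spanned by several enrolment readings (constructed scores here).
type Template struct{ Min, Max float64 }
// Enrol records several readings and keeps only the range they span, as the post describes.
func Enrol(readings []float64) Template {
	t := Template{Min: readings[0], Max: readings[0]}
	for _, v := range readings[1:] {
		t.Min, t.Max = math.Min(t.Min, v), math.Max(t.Max, v)
	}
	return t
}

// Device keeps the template and the private key; neither ever leaves it.
type Device struct {
	template Template
	priv     ed25519.PrivateKey
}

// Server stores only the device's public key, never any biometric data.
type Server struct{ pub ed25519.PublicKey }
// Register enrols the user on the device and gives the server the public key.
func Register(readings []float64) (*Device, *Server, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Device{Enrol(readings), priv}, &Server{pub}, nil
}
// Challenge issues a fresh random nonce so a captured signature cannot be replayed.
func (s *Server) Challenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}
// Authenticate matches the reading locally; only on success is the challenge signed.
func (d *Device) Authenticate(reading float64, challenge []byte) ([]byte, bool) {
	if reading < d.template.Min || reading > d.template.Max {
		return nil, false
	}
	return ed25519.Sign(d.priv, challenge), true
}
// Verify accepts the login only when the signature over its own challenge checks out.
func (s *Server) Verify(challenge, sig []byte) bool { return ed25519.Verify(s.pub, challenge, sig) }
```

Note that the server never sees a reading or the template: an out-of-range reading fails on the device, and a signature captured once fails against the next challenge.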

Despite all the interwoven aspects just mentioned – inherent imprecision, privacy fears and systems standards – certain biometrics such as facial recognition and fingerprint recognition are likely to remain favourable for quite some time.

Identity Solutions has solved security challenges for many organisations. This is because we follow a rule of thumb that a solution, including multi-factor authentication, must not impede access by end users while at the same time being:

  • Secure
  • Simple to use
  • Extensible to the entire organisation
  • Super intelligent (adaptive)

Want to Find Out More?

Please contact us if you wish to understand how your organisation can drive better security and benefit from our expertise and years of experience in the security field.