Page 80 - Cyber Defense eMagazine - November 2017
BIOMETRIC BEST PRACTICES
In the identity-based world we live in, passwords seem to hold the key to our identities. But with
a majority of Americans (64 percent) having personally experienced a data breach, our long-held
tradition of safeguarding our wealth and personal information using a secret word or phrase is
being turned on its head.
This past September, Deloitte was hit by a cyber-attack that compromised the emails of some of its
blue-chip clients. Hackers had access to information including usernames, passwords and IP
addresses. It’s been reported that the hacked account only required a simple password. Hacks
such as the one at Deloitte underline the utmost need to ensure the safekeeping of information.
Enter biometrics. By leveraging your face, voice, eyes and behaviors, biometrics is upending
our world and helping us reclaim our rightful identity. So much so that biometrics
has entered the mainstream in today’s society, being adopted by big companies such as Apple
(new Face ID) and Amazon (Alexa).
In order to implement biometric systems, there are do’s and don’ts that need to be considered.
In the end, the most important consideration is the consumer. Consumers need to feel safe and trust
biometrics to be their new form of identity, and there are certain steps that can do just that.
Here are some best practices:
1. Take a platform approach: The best way to incorporate biometrics into an existing
infrastructure is to take a platform approach to how applications consume biometrics,
meaning that you don’t just focus on one type of biometric or one piece of
hardware. Whether you’re a financial institution or data center, by taking a platform
approach, biometrics can continue to innovate and evolve. Many might fall into the
pattern of using simple point-to-point integration, which only causes a piece of code to
become frozen in time and bound to a single biometric. Developers will pick a favorite
biometric and stick with it, but by using a platform approach, systems can integrate one
biometric and then easily add on additional methodologies.
2. Incorporate risk-based authentication: Multi-factor authentication alone is not enough to
eliminate spoofing from the biometric space. Critics of biometrics will point to
spoofing, which is defined as the ability to imitate or fool a physical security application.
As we’ve all encountered, one study by Keeper Security found that more than 80 percent
of people reuse the same password across multiple accounts, showing that convenience
will trump security any day. Higher-risk transactions, such as a bank wire transfer for
$10,000, should not be given the same weight as lower-risk transactions, for example
sending your coworker $5 for the coffee they bought you. Instead, the focus should be
on the relationship between risk and trust. For higher-risk transactions, multi-factor
authentication using multiple biometrics and liveness detection can create the most
Copyright © 2017, Cyber Defense Magazine, All rights reserved worldwide.
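
Best practices 1 and 2 above, combined in a short sketch that is an added example and not code from the article or any vendor: modalities are registered with a platform rather than hard-wired into the caller, and the number of matching, liveness-checked biometrics required scales with the transaction amount. The class and function names, the $1,000 threshold, the score cut-offs and the stub verifiers are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict

@dataclass(frozen=True)
class Result:
    score: float  # match confidence reported by the modality, 0.0 to 1.0
    live: bool    # True if the modality's liveness check passed

@dataclass(frozen=True)
class Policy:
    min_modalities: int
    min_score: float
    require_liveness: bool

def policy_for(amount_usd: float) -> Policy:
    """Map transaction risk to required assurance (thresholds are assumed)."""
    if amount_usd >= 1000:
        return Policy(min_modalities=2, min_score=0.90, require_liveness=True)
    return Policy(min_modalities=1, min_score=0.80, require_liveness=False)

class BiometricPlatform:
    """Registry of modalities, so adding one never touches calling code."""

    def __init__(self) -> None:
        self._verifiers: Dict[str, Callable[[bytes], Result]] = {}

    def register(self, name: str, verifier: Callable[[bytes], Result]) -> None:
        self._verifiers[name] = verifier

    def authorize(self, amount_usd: float, samples: Dict[str, bytes]) -> bool:
        policy = policy_for(amount_usd)
        passed = 0
        # samples is keyed by modality, so one modality cannot be counted twice
        for name, sample in samples.items():
            verifier = self._verifiers.get(name)
            if verifier is None:
                continue  # unregistered modality never counts toward the policy
            result = verifier(sample)
            live_ok = result.live or not policy.require_liveness
            if result.score >= policy.min_score and live_ok:
                passed += 1
        return passed >= policy.min_modalities

def demo_platform() -> BiometricPlatform:
    """Constructed stand-ins for real matcher SDKs: b"replay" fails liveness."""
    platform = BiometricPlatform()
    for name in ("face", "voice"):
        platform.register(name, lambda s: Result(0.95, s != b"replay"))
    return platform
```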