Since ancient times, passwords have been used as a form of identity. Passwords offered the ability to validate someone based on something supposedly known only by the individual or group.
However, the days of the password serving as a viable method of identification are behind us. Anyone can “steal” a password. Once you gain someone’s password, you (for the sake of argument) become them.
To prevent that from happening, we started to ask for another layer of validation, and hence two-factor authentication was born. This method adds to the password something you 1) have, 2) know, or 3) are.
The “have” came in the form of a very expensive token around which we built infrastructure. These tokens used an algorithmic number that displayed at set intervals. This practice was considered safe for a long time…until a major provider had its “seed” files stolen.
The “know” came in the form pictures, graphics or questions known only by the user. This method worked out quite well assuming the user was the only one who knew his/her high school sweetheart, favorite color or mother’s maiden name. That was until the database housing all of those answers was stolen.
So where does that leave us in our evolution of authentication?
With technology advancing at such a rapid pace, how can we create a frictionless world where we can move about, authenticate without a password that anyone can steal and use, or a token that could be lost or stolen (and if you’ve ever lost a token, you know what it’s like to be in the VPN Siberia, unable to log in). In the wake of these failing methods, the something you “are” factor is gaining popularity.
Biometrics are becoming the authentication tool of choice for many enterprises because it is the pinnacle of “something you are.” What is more ‘you’ than your fingerprint, retina scan, venous image through your finger, your voice inflections or even the cadence of your typing. You are uniquely you. There may be half-hearted attempts to replicate your biometrics, but these efforts are weak at best.
This new method of authentication is gaining traction in both private and public sectors. Many financial institutions are implementing biometrics to secure mobile applications that provide the user with convenience and efficiency. Additionally, several states have seen a significant drop in public assistance fraud when they implemented biometric/fingerprint scans for applicants.
Biometric credentials are frictionless. You don’t leave them at home, they can’t get lost and it takes a considerable amount of effort to replicate them. For years, the biometric ID belonged to the government. They used fingerprints to identify criminals and to validate the identities of their employees. Your biometric belongs to you and a new day is upon us.
Technology has advanced to the point that the infrastructure to support multi-factor biometric scanning (you must present a matching fingerprint and retina scan for example) has become a reasonable expense for the enterprise. Soon you may see a completely paperless experience at places like the airport. From check in to security to boarding, you will eventually be identified by your biometric “ID.”
Passwords may have been around since man began to communicate but biometrics have been around since the beginning of man. The future of biometrics is bright.
Security Current
Security Current improves the way security, privacy and risk executives around the world collaborate to protect their organizations and their information. Its CISO-driven proprietary content and events provide insight, actionable advice and analysis giving executives the latest information to make knowledgeable decisions.
