One of the first security lessons to be learned from the loss of Malaysian Airlines flight MH370, regardless as to the actual cause, was that airlines are unable to verify the identity of those passengers they embark. Passport checks may be made, but ensuring that the holder of the travel document is the person to whom it was issued is of fundamental importance. Phil Scarfo examines the state of our ability to ensure that we can authenticate who somebody is, be they a passenger, crewmember, airport employee or other known individual, through the use of biometrics.
Few would argue against the fact that the vast majority of transactions today are between people and machines. In the early days, the problem of identity was less about security than about managing access to a shared resource. All that was required was a way to interact with mainframe computers separately. And so was born the notion (or some might say the curse) of usernames and passwords. Although this concept was not designed to serve the needs of online transactions, to this very day we remain dependent on methods and technologies that fall short of providing assured authentication or real personal identification.
So the obvious questions that emerge from this are: What are the best technologies or methods for assured authentication and personal identification in a digital world? Is assured authentication even possible? Is security the main driver for authentication? And must this be at the expense of user convenience? Are we finally at a tipping point for biometrics adoption? Is biometrics the most effective means of assured authentication? And if so, what has the industry done to address issues of performance, privacy, liveness detection and threats to loss of digital identities?
The short answers are: Yes, there is no question that we need better methods of authentication today! No, it is not necessary to trade off security for convenience! Yes, there is definitely a role for biometrics, the one authentication factor that can reliably answer the question “who”!
Because biometrics has a central role to play in today’s authentication solutions, it is important that we revisit and review the many myths and misperceptions associated with it. Many vulnerabilities have been addressed and technologies will continue to improve as biometrics move from only being a forensic tool to becoming a compelling mainstream solution as service providers begin to appreciate and fully understand that BOTH user convenience and security really matter.
Let’s begin by recognising that biometrics is not new. People have been relying on biometrics since the dawn of man. The part that is new is the automated matching of identities as modern biometrics technology has progressed from a forensics focus to one of validating user identities in the digital world. There are several technologies being used, including fingerprint, hand geometry, iris, vein pattern and facial recognition. Over the past few decades, many attempts have been made to make biometric authentication mainstream but, until recently, these have been met with numerous complications such as less-than-perfect performance and poor reliability.
[s2If is_user_logged_in()] READ FULL STORY >>> [/s2If] [s2If is_user_not_logged_in()] [message_box title=”To READ the full article in our digital edition you need to be a registered subscriber to the magazine – If you are NOT then goto the SUBSCRIBE section of the site first before you can login” color=”green”]