Thursday, September 23, 2021

Biometrics Not Quite Ready for the Enterprise

Little yellow sticky notes cling to computer screens throughout American

offices, displaying users’ passwords for coworkers, bosses… and

possibly hackers to see.

The passwords, generally as simple as a relative’s birthday or a pet’s

name, have long been too easy to steal, and they’re just not working

anymore, analysts say.

What’s the solution?

Biometrics and smartcards are the best solution, according to industry

watchers. But don’t throw your password away quite yet. For now, just

keep changing it every few months and rip that sticky note off your

monitor because the biometric industry may need up to five years to work

out all of the kinks.

With passwords continuing to become more of an IT security nightmare,

analysts agree something needs to change because too much vital corporate

information is at risk simply because of weak passwords. Analysts are

looking at smartcards, along with biometrics — authentication techniques

that check a person’s physical characteristics, like a fingerprint or

iris pattern — and some behavioral aspects like keystroke patterns.

”The password is becoming obsolete and hackable,” says Mike Miley, vice

president and chief technology officer for Science Applications

International Corporation (SAIC), a research and engineering company

based in San Diego, Calif. ”You never want to rely on any one identity

anymore.”

With passwords wearing out their welcome, biometrics and smartcards are

next in line.

Biometrics are just further down the road. Analysts agree that smartcards

will be more widely utilized in 2005 than biometrics. But they say the

combination of the two identity verification methods will be the most

effective way to access networks in the next five years.

Smartcards the first step

”The (smartcard) industry is a slowly building industry,” says Earl

Perkins, vice president of security strategies with META Group, an

industry analyst firm based in Stamford, Conn. ”Many computer companies

are starting to install contact or contactless readers for smartcards

right into PCs.”

But credit cards, drivers licenses and other forms of ID are lost

everyday. The smartcard holder, however, will have an easier way to get

their card back, quickly.

”You need an easy way to re-enroll or get a new card,” says David

Fisch, a consultant with the International Biometric Group, LLC, a

biometric security consulting and services firm with bases in New York

and London. ”The template takes random parts of the fingerprint and

stores it so the user can easily get a new one.”

This use of multiple forms of identification is the key to securing

privacy, analysts say.

”Combining something you have, something you know and who you are is

much stronger than anything else,” says Miley.

Richard Fleming, chief technology officer and co-founder of Digital

Defense, Inc., a security services firm based in Dallas, says biometrics

are the pinnacle of authentication.

”You are identifying the individual person by the fact that you know

that this is your thumbprint attached to your warm body. It is a step up

and beyond all other authentication methods.”

Miley says the next five years will see a large focus on identity

proofing, using the combined powers of smartcards and biometrics. He says

the cost of installing biometric tools onto PCs is coming down, which is

greatly due to the U.S. government’s interest in the industry.

”The government is dedicated to testing biometrics for large- scale

deployment,” says Miley, noting that the U.S. is interested in using

biometrics in areas such as immigration and Homeland Security.

With the government pouring money into the research and development of

biometrics, analysts say, the technology will become cheaper and more

widely used by the year 2010.

The Financial Angle

A major driver in the deployment of smartcards this year will be money,

according to industry observers.

While a smartcard with a Simchip will cost a company about $10 to $15, a

biometric devise, such as a fingerprint reader, runs at about $80 to $200

per user, Perkins says. ”When you multiply the (biometrics) costs by 10

or 30 employees, it is just not cost effective.”

Fleming says the high cost of biometrics has been prohibitive.

”Biometrics have been increasingly expensive to date,” Fleming says.

”The security component of IT budgets will increase over the next two

years to 18 months, and will continue to increase after that.”

But Fleming says the cost for companies to install biometrics has already

started to decline, and will continue in the same direction.

Fleming says the biggest challenges for biometrics at this point remain

in infrastructure and levels of standardization.

”People may not want to buy another devise and install it onto their

computer,” Fleming says. ”The industry will have to agree on what kind

of technology to deploy. If users don’t know what to use and when, they

may just decide to do without.”

Miley says while there will always be privacy concerns, the ability to

use biometrics as protection will become commonplace.

”There are lots of efforts now to use biometrics as a way to protect

one’s privacy, not as an invasion of privacy,” Miley says. ”In five

years, we will see biometrics as a primary component of security

management.”

Similar articles

Latest Articles