Facing two-factor authentication | Sep16 Newsletter
After years of lectures from security experts, business IT professionals have finally begun to accept that a password alone isn't enough to secure a corporate computing account. Passwords can be cracked by brute force, lost to phishing attacks, and forgotten. Security teams have tried making them stronger, only to run up against the tragic limits of the average human memory.
What’s more secure than a fingerprint?
One of the methods used to improve log-in security is multi-factor authentication. Fingerprint recognition is a common second factor.
Security researchers have proven on many occasions that fingerprint readers are subject to hacking, so what can be more secure than a fingerprint? Security vendors have begun to answer that question with other body parts that are:
- Unique
- More difficult to hack
- Possible for computer system vendors to install on workstations not purchased with spy-agency budgets
Facial recognition
The first major biometric seeing use is facial recognition. Each human face has a number of points, and the size, shape, and relationship between them are unique to each person. The sort of technology that started on social media sites (suggesting you tag friends) and in cameras (to focus on faces) has been extended and improved to recognise and verify one particular face. When it sees the right face, it unlocks the workstation.
The benefits of facial recognition for authentication
- Facial recognition can be implemented through a combination of software and hardware that most laptops already have (a webcam).
- It’s also a "low-friction" authentication method. It requires little in the way of action or time on the part of users before they're able to use the workstation.
- It’s so free of transactional friction that it's easy to use for authenticating to network segments and applications.
- It's being built into a growing number of mobile devices, allowing facial recognition to be used as a single authentication component across all the devices in an organisation.
Alternatives
Facial recognition isn't the only biometric authentication factor that's available, of course. Voice recognition has been used successfully, and the cost of accurate voice recognition is coming down rapidly.
Retina scans are famous for their use in high-security physical security and in motion pictures. However, exceptionally accurate and secure retinal scans require expensive third-party equipment in order to function. If you're guarding a secret recipe that's the key to a multi-billion-dollar business, then the expense can be justified. If you're trying to keep casual thieves out of someone's email, then it may be difficult to justify at the cost of the technology in 2016.
The second factor in authentication can be more than a biometric, too. Single-use tokens, hardware tokens, and hardware keys are all possible, though each of these requires that the user keep track of a piece of hardware -- something presumably not an issue when a fingerprint, face, or eyeball is the factor.