Security Market Segment LS
Thursday, 11 August 2022 08:51

The rise of biometrics, and why is it safer than passwords, according to Ping Identity

By

Eighty-one percent of hacking-related breaches use stolen or weak passwords, according to American software company Ping Identity.

Due to the obvious flaws in the traditional ways of accessing devices and apps, Ping Identity has assessed the rise in biometric data use, questioning if it is really more secure, and the impact it will have on the way we store and use our personal data.

In the three years leading up to 2022, the number of Gen Zs who fell victim to online scams rose by 123%.

While this generation of digital natives is often perceived as the most tech savvy, digitally literate age group, the rise in Gen Z falling for online scammers is reflective of higher levels of comfort in online spaces, often leading to unforeseen financial and emotional harm as a result.

It has become increasingly clear that passwords alone no longer make the cut in terms of device security, Ping Identity said.

Ping Identity highlighted the following:
1. Biometric data is being used for a whole range of different purposes, with over 75% of Americans having used biometric technology

2. Thirty-eight percent of people already using face authentication to access their mobile banking app.

3. Thirty-seven percent of those over 40 feel safer using biometrics for security than before the pandemic.

The prevalence of online fraud and cybercrime continues to increase worldwide, growing at a rapid rate by the year.

The general consensus in recent years is that enhanced levels of cybersecurity must be built on zero trust and passwordless authentication.

Rather than a continued reliance on passwords, security tools are employing users’ biometric data to prove that the person, and their device, is legitimate.

Types of biometric information
Common, widespread uses of biometrics include fingerprint and facial recognition, which almost any modern mobile phone or electronic device will have as an option.

Unlocking your phone or laptop simply by looking at it, or even speaking to it, is now the absolute norm. As this technology continues to progress, expand, and evolve, any security issues directly linked to these methods are often overlooked.

We all know the importance of securing login information. Keeping many usernames and passwords safe has become second nature to users and with identity fraud losses totalling out at US$52 billion ($74.8 billion) in 2021, it is now more important than ever that we achieve added levels of online safety.

Now that biometric data is being used more frequently to access our online accounts, how is this information actually being stored?

It begs the question of whether biometric data is actually as safe as we would like it to assume, and are there any ways to enhance levels of security of our biometric data, questions Ping Identity.

How is biometric information captured?
Distinctive biometric traits are used to confirm the identity of the user. While they must be unique to the individual, it is also important that they are permanent and unchangeable, allowing for long-term access, as well as possessing measurable and collectable properties.

The current, commonly captured biometric data includes:
1. Fingerprint templates
2. Iris and retina templates
3. Voice print
4. 2D or 3D facial structure maps
5. Hand and finger geometry maps
6. Vein recognition templates
7. Gait analysis maps
8. DNA profiles
9. Behavioural biometric profiles

When combined, these characteristics make biometric data one of the most effective means of identifying users. The unique characteristics give biometrics such high levels of reliability for users.

It simply isn’t possible to forget or lose our fingerprints in the same way we might forget a username or password.

The future of biometric data
While the commonly used types of biometric data are well known to us, there are also a range of other biometrics that are being implemented on a smaller scale. Although not widespread in terms of their use, some of these surprising biometric applications are set to be implemented in the future! These include:

1. Body odour, unique chemical footprints each person carries with them
2. Ear print or structure, which doesn’t change with age
3. Gesture recognition, already part of Windows 10
4. Lip prints, as each person has a unique pattern of lip grooves

How is biometric information stored?
As users cannot change their biometric data that is obtained by unauthorised parties, it is extremely important that it be handled with the utmost care.

Why are biometrics safer?
Companies such as Apple have decided that they will phase out passwords altogether, and Google Chrome's password manager is due to get desktop biometric authentication very soon.

Due to concerns surrounding data breaches, social engineering, or phishing attacks these companies who lead the way in terms of smart at-home devices believe this will reduce the risk of your identity, personal information, and finances being compromised.

Biometric technology follows a number of steps in ensuring your data remains secure.
1. Capturing the information is the first step towards using biometric information for identity authentication.
2. It is then converted to a mathematical rendering known as a biometric template, referenced against the live version presented by the user.
3. This converts or copies specific characteristics of a biometric sample into a secure form, taking the image or sample out of the equation and replacing it with a binary mathematical equivalent or algorithm.

These steps make it nearly impossible to replicate biometrics, discarding the image of a fingerprint, iris or any given characteristic while the live version is compared in real time to the captured characteristics.

How is biometric data stored?
Unlike passwords, biometric data is usually only stored on a user’s device. No external devices, databases or servers can access the data, eliminating any single collection point where a hacker might steal it.

In the unlikely event that someone did gain access to a device’s biometric data, it is impossible to reverse engineer the conversion that created it to produce an image that will be recognized and accepted by a biometric sensor.

Any sensor on a device has a file where the biometric template is stored. This file is protected by a randomly generated key encrypted into the system.

Biometric data is usually stored securely using one of these methods:
1. On a device
2. On a portable token
3. On a control board
4. On a biometric database server
5. On both a server and a device
6. Split across multiple pieces of hardware

What are the risks when storing biometric data?
Although seen as the most secure form of storing data, there still are some risks. How secure your biometric is will depend on how you store it. All storage methods mentioned above use encryption to protect biometric data.

This is a secure means of storage, although anything that is encrypted can be decrypted. Encrypted data is only as safe, secure and trustworthy as the users who have access to it.

Convenience levels
Device storage is far more secure than storage in a database. Although databases can be convenient and cost effective, with large numbers of biometric templates for users, databases can be an attractive hacking target. If hacked, large volumes of data become immediately vulnerable. Encryption is key and can be a big help, but the key to risk reduction. is having control over who has access to data and how they are using it.

Protecting your biometric information
The market for biometrics, such as facial recognition, is estimated to grow US$7 billion ($10 billion) by 2024.

Around 28% biometric technology is used in the US by the financial sector and more than 60% of payment transactions using biometric authentication will be carried out remotely.

As biometrics use becomes more common, your personal traits are likely to be stored in a growing number of places. It is important for users to stay vigilant about biometric security. Here are some things to consider when providing your biometric information.

How to use biometrics securely
There are some key ways in which you can use biometrics in a safe and secure manner.

1. Don’t provide a piece of biometric information without carefully considering the need to do so, determining the track record of any entity asking you to provide it.
2. Don’t hesitate to ask questions and express concerns.
3. If you are uncomfortable providing your information to a device, a service, a product, or an organisation, don’t give them any of your information, biometric or otherwise.
4. Follow familiar, basic security and privacy recommendations that were widespread before most users even knew biometrics was a thing.
5. Continue to use strong passwords and change them periodically.
6. Be sure to keep your device software current so that you get the latest updates and patches, which often address security flaws.
7. Pay particular attention to your operating system and internet security software.

This first appeared in the subscription newsletter CommsWire on 10 August 2022.

Read 1174 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here




GET READY FOR XCONF AUSTRALIA 2022

Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.


Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event

GET YOUR TICKET!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Kenn Anthony Mendoza

Kenn Anthony Mendoza is the newest member of the iTWire team. Kenn is also a contributing writer for South China Morning Post Style, and has written stories on Korean entertainment, Asian and European royalty, Millionaires and Billionaires, and LGBTQIA+ issues. He has been published in Philippine newspapers, magazines, and online sites: Tatler PhilippinesManila BulletinCNN Philippines LifePhilippine StarManila Times, and The Daily Tribune. Kenn now covers all aspects of technology news for iTWire.com.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments