Crossing the biometric line

If the token is what you have and the PIN something you know, then biometrics are something you are. Few argue the technology’s potential, but it has yet to be issued on a widespread scale by organizations bolstering data security.

Dan Kusnetzky, of Kusnetzky Group in Rochester, N.Y., examines many biometric-security proposals for corporations each year. He says the technology often leaves managers with the impression that the average user will feel uneasy. Many suggest that iris capture, facial images and even fingerprinting may infringe upon employee privacy, he says. Even when privacy isn’t a concern, cost and fear of change often are.

Others, however, point to the growing use of biometrics across consumer applications and devices as a precursor to acceptance in the workplace. They also cite the fact that employers can mandate employee usage regardless of these fears.

“Some of the things I have seen in terms of coming up with new ways to ID things relate to inertia,” Kusnetzky says. “They look at the cost of that and say we haven’t had a breech yet, we can’t afford this cost right now.” Opting for inactivity, he says, is often when they get hit with a breech and this momentum shifts.

The Future

Nothing is perfect in security, but multifactor authentication seems to be among the most secure technologies available. Verizon’s most recent Data Breach Investigations Report, for example, found that out of thousands of attacks examined, less than 1% involved compromised multi-factor identification.

Will things continue as well as they have? Maybe. RSA estimates hackers pulled off a 35,000% increase in Android malware between 2011 and 2012. Among the apps: malware that steals the SMS messages on which many multi-factor technologies rely.

---

Related articles:

Anatomy of a password hack Exterminating the password Mobile payments becoming a reality