Endpoint
9/19/2017
10:00 AM
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

How Apple's New Facial Recognition Technology Will Change Enterprise Security

Expect a trickle-down effect, as tech similar to Face ID becomes offered outside of Apple.

Apple's new Face ID technology promises a security revolution for iPhone users — and it also promises to change all of enterprise security, eventually. While Face ID's primary audience consists of consumers who buy iPhones, Apple has created a new paradigm for security with a safer, faster authentication system. Similar technology eventually will filter down to devices of all kinds and enable organizations to provide their employees and customers with more secure experiences, protecting their data and keeping cybercrooks at bay.

Face ID, introduced by Apple at its product launch on September 12, is a major advance in biometric authentication, both over Touch ID (fingerprint) authentication that Apple devices have used until now and over other facial recognition systems. Apple says Face ID is so accurate that the chance of another random person's face being used to unlock your phone is 1 in 1,000,000 — much better than the 1 in 50,000 unlock error rate for Touch ID. Face ID bests other facial recognition systems as well; it's the first consumer-oriented 3-D facial recognition system, beating out systems in devices such as Samsung's Galaxy S8 and Note8, which are 2-D recognition systems.

The authentication provided by Face ID certainly will prove sufficient for use by organizations as an authentication method to "prove" that a device belongs to the user. Today, however, many organizations — often because of regulations, such as for apps that can access customer account information, or at least as part of best practices — require two-factor authentication. For most organizations, that means requiring users to input a password (something users know) in order to activate an app or log in to a website from a mobile device, coupled with a second authentication factor, such as a biometric marker like a fingerprint (something users are), or a text message sent to a user's device, which consists of a code that the user must enter into a site or an app (something users have) in order to access it. 

The fact that Face ID is superior to passwords as an authentication method should come as no surprise. The vast majority of major data breaches in recent years (think Sony, Target, major banks, etc.) were due to compromising of login data and password theft. According to a study by Verizon, more than four out of five data breaches are due to stolen passwords or misused credentials; it certainly wouldn't make sense to have such a weak authentication method to access sensitive data when such a strong authentication method is used to secure the device itself!

That's why, I believe, Face ID will be the catalyst that sets off a real revolution in data authentication. If Apple can implement such a strong authentication method for its devices, organizations will be searching for something at least as strong to authenticate their data on all devices out there that don't use Face ID. 

The fastest-growing solution for user authentication in enterprises is phone authentication, in which a mobile device — instead of a hardware token or a password — is used as an authenticator. Organizations that have sought higher levels of security have already ditched passwords, turning instead to authentication systems based on devices, which are considered more secure than passwords and, for an increasing number of organizations, their primary authentication method in a two-factor authentication scheme. 

Seeking better security, more organizations will increasingly dump passwords for device authentication, a system that can be used on any mobile device; the greater security provided by Face ID will, I believe, inspire many organizations to reconsider how they approach authentication, and opt for something more secure, even on devices other than the newest iPhones. 

Fingerprints have often been used as a second factor in a two-factor scheme, but now that second factor has gotten a major upgrade, two-factor authentication based on devices and used with Apple devices that support Face ID will present a formidable challenge — enough to discourage hackers from even trying to breach an Apple device. While Face ID currently is strictly limited to some Apple devices, it's just a matter of time until 3-D face recognition as an authentication method trickles down to the rest of the industry, as the industry follows in the path of market leader and innovator Apple. 

Combining proven device authentication systems with Face ID truly is a game changer — a revolution, even — and companies seeking to improve their security systems are going to be very attracted to this winning combination. Long live that revolution, I say. 

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Shimrit Tzur-David is the chief technology officer and co-founder of Secret Double Octopus, the world's only keyless multi-shield authentication technology that protects identity and data across cloud, mobile and IoT environments. Shimrit has over 10 years of research ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
dsichel
50%
50%
dsichel,
User Rank: Apprentice
10/21/2017 | 2:39:56 PM
Pending Review
This comment is waiting for review by our moderators.
Printers: The Weak Link in Enterprise Security
Kelly Sheridan, Associate Editor, Dark Reading,  10/16/2017
20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA,  10/16/2017
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Bill Bradley, SVP, Cyber Engineering and Technical Services, CenturyLink,  10/17/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.