Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

8/12/2014
03:25 PM
Marilyn Cohodas
Marilyn Cohodas
Slideshows
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

6 Biometric Factors That Are Working Today

From fingerprints to wearable ECG monitors, there are real options in the market that may relegate the despised password to the dustbin of history.
Previous
1 of 7
Next

Google "I hate passwords" and you'll get 3.25 million results. If that isn’t unshakeable evidence that the world is desperate for a better solution, then I will tear up all those sticky notes pasted on my laptop.

What’s the alternative? I’m putting my money on biometrics.

Yes, biometrics have been touted for a long time. But in recent years, the technology has overcome some major hurdles --  among them cost, ease of use, and access -- paving the way for some very interesting possibilities in authentication solutions that will (hopefully) relegate the despised password to the dustbin of history.

Like any security technology, there is no perfect solution. But one thing is for sure, biometrics are no longer a futuristic fantasy. There are real solutions that are working today with even more on the horizon. Let’s take a look.

At Walt Disney World, biometric measurements are taken from the fingers of guests to ensure that a ticket is used by the same person from day to day. (Image: Wikipedia)

At Walt Disney World, biometric measurements are taken from the fingers of guests to ensure that a ticket is used by the same person from day to day.

(Image: Wikipedia)

 

Marilyn has been covering technology for business, government, and consumer audiences for over 20 years. Prior to joining UBM, Marilyn worked for nine years as editorial director at TechTarget Inc., where she launched six Websites for IT managers and administrators supporting ... View Full Bio

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Sara Peters
100%
0%
Sara Peters,
User Rank: Author
8/12/2014 | 3:53:37 PM
correct me if I'm wrong
Cool stuff, Marilyn. I just wanted to verify: in order for palm vein scanners to work, the blood needs to be flowing, right? Therefore an attacker wouldn't be able to authenticate if they chopped off the legitimate user's hand. Right? 
Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
8/12/2014 | 3:57:59 PM
Re: correct me if I'm wrong
You've stumped me on that one Sara! (pun intended)... I'm #scratchingmyhead tryng to envision the scenario you've just described. Interesting plot for a horror flick though!
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
8/12/2014 | 4:05:35 PM
Re: correct me if I'm wrong
Check it out: http://www.biometricnewsportal.com/palm_biometrics.asp "In addition, the sensor of the palm vein device can only recognize the pattern if the deoxidized hemoglobin is actively flowing within the individual's veins." In other words, the blood's got to be flowing.

And Marilyn this whole chopping fingers off to use fingerprint scanners isn't just my own gruesome brainchild. It happened in Malaysia years ago: http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm

Luckily, some fingerprint scanners -- like the one on the new iphone -- only work if the finger is attached to a live body, because they detect the electricity emitted by a person's living body. http://www.webpronews.com/no-you-cant-use-a-disembodied-finger-to-get-past-the-iphone-5s-fingerprint-scanner-2013-09
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/12/2014 | 4:08:29 PM
Re: correct me if I'm wrong
Truth is indeed stranger than fiction! thx for the gory details. 
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
8/12/2014 | 4:10:36 PM
Re: correct me if I'm wrong
If I ever have a car that requires a palm vein scanner, I'll make sure I have the appropriate literature to hand to thieves when they think about taking my hand with them, and leaving me behind.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/12/2014 | 4:12:20 PM
Re: correct me if I'm wrong
good plan. Just print out this blog and message thread and put it in your wallet near your driver's license and credit cards. 
GonzSTL
50%
50%
GonzSTL,
User Rank: Ninja
8/12/2014 | 4:21:54 PM
Re: correct me if I'm wrong
The ultimate solution - unique DNA identification. Think Gattaca.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
8/12/2014 | 5:24:19 PM
Re: correct me if I'm wrong
I'm waiting for that eyeball scanner. So done with passwords.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/12/2014 | 6:14:32 PM
Re: correct me if I'm wrong
DNA is not a bad idea that can identify the individual uniquely. The main problem for those types of solutions is the fact that we do not want to be identified uniquely for a simple reason such as logining a system.
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
8/16/2014 | 10:16:55 AM
Re: correct me if I'm wrong
If we use DNA, what about twins?
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
8/16/2014 | 10:15:37 AM
Re: correct me if I'm wrong
Call me Mr. Sci-Fi but I would like to see authentication based on a persons unique electrical field.  Walk up to a device it detects the faint electrical field surrounding you and grants you access.
Marilyn Cohodas
0%
100%
Marilyn Cohodas,
User Rank: Strategist
8/18/2014 | 7:33:44 AM
Re: correct me if I'm wrong
Isn't that how Cardiac Rhythm works? That sounds like a pretty cool and promising biometric, although it sounds like it would require a wearable bracelet of some sort, which some people might find intrustive. (sigh)  No perfect solution. But we can't let perfect be the enemy of good!
Robert McDougal
100%
0%
Robert McDougal,
User Rank: Ninja
8/18/2014 | 8:10:49 AM
Re: correct me if I'm wrong
CardicRythm is pretty close, but you are right it requires that "intrusive" wearable bracelet.  I am hoping for sensors so sensitive they can detect the minute electrical fields surrounding us all.

Yeah, I am a big nerd.....
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/12/2014 | 6:18:09 PM
Re: correct me if I'm wrong
I would think fingerprint scanners have vulnerabilities, it would not be difficult to replicate it and simulate the electricity of live body.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/14/2014 | 11:33:02 AM
Re: correct me if I'm wrong
No security is fool proof, but I'm guessing it would be easier to guess (or hack) a password  a password than replicate a fingerprint. 
bpaddock
50%
50%
bpaddock,
User Rank: Strategist
8/15/2014 | 12:46:06 PM
Re: correct me if I'm wrong
For a short time period cars sold in Japan had fingerprint scanners in place of the door locks.  That technology rapidly went back to keys when thugs started cutting off fingers to steal the cars.

Show me a biometric scanner, such as one based on the eye, that will authenticate you after you've been hit in the face by an airbag in a car accident.  Airbags are *not* big fluffy pillows when you are going 50+ MPH.  How happy will you be that you can't call your family for help because your phone things they injured you, is not you?

 

 

 
bpaddock
50%
50%
bpaddock,
User Rank: Strategist
8/15/2014 | 12:46:16 PM
Re: correct me if I'm wrong
For a short time period cars sold in Japan had fingerprint scanners in place of the door locks.  That technology rapidly went back to keys when thugs started cutting off fingers to steal the cars.

Show me a biometric scanner, such as one based on the eye, that will authenticate you after you've been hit in the face by an airbag in a car accident.  Airbags are *not* big fluffy pillows when you are going 50+ MPH.  How happy will you be that you can't call your family for help because your phone things they injured you, is not you?

 

 

 
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
8/16/2014 | 10:20:02 AM
Re: correct me if I'm wrong
Call me paranoid, but I don't like fingerprint authentication.  It could be because of all of those James Bond movies but I see my fingerprint as a liability.

Let's say that someone wants to authenticate as me.  They follow me to starbucks where I proceed to buy an Venti White Mocha =), which I consume in the store.  I throw my empty container in the trash and leave.  The attacke walks over to the trash pulls out my empty container and now they have my fingerprint.
MarilynCoh
50%
50%
MarilynCoh,
User Rank: Apprentice
8/16/2014 | 1:02:54 PM
Re: correct me if I'm wrong
Ok. I concede that there is a lot of skepticism about fingerprints -- legitimate or not. But what about some of the other types? Eye, Palm, behavioral? Does any one agree with me that some type of biometric is preferable to passwords?
Bprince
50%
50%
Bprince,
User Rank: Ninja
8/27/2014 | 12:14:47 AM
Re: correct me if I'm wrong
I still believe in the good old fashion password, but I would like to see retina scanners used. Not like Minority Report exactly, but I think as an authentication measure I find it fascinating. 

BP
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/27/2014 | 7:09:31 AM
Re: correct me if I'm wrong
It could be a combo of the "good old fashioned" password with a biometric for a while. But I still believe the future is with biometrics... especially as these factors become more common and accepted. 
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
8/12/2014 | 5:41:04 PM
Re: correct me if I'm wrong
I'm going to have nightmares about that one. =)
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/12/2014 | 6:10:44 PM
Username / password old school
Thank you for sharing this article. Very informative. Username / password for credentialing will become old school very soon. We are already using picture password and two factor authentication more and more in critical systems. I am looking for those days that we can make authentication more easier for end users.
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27581
PUBLISHED: 2021-03-05
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.
CVE-2021-28042
PUBLISHED: 2021-03-05
Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution.
CVE-2021-28041
PUBLISHED: 2021-03-05
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
CVE-2021-3377
PUBLISHED: 2021-03-05
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.
CVE-2021-3420
PUBLISHED: 2021-03-05
A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.