Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

8/12/2014
03:25 PM
Marilyn Cohodas
Marilyn Cohodas
Slideshows
Connect Directly
Twitter
LinkedIn
RSS
E-Mail

6 Biometric Factors That Are Working Today

From fingerprints to wearable ECG monitors, there are real options in the market that may relegate the despised password to the dustbin of history.
6 of 7

Cardiac Rhythm

Anyone who has visited a friend or loved one in a hospital is familiar with electrocardiogram (ECG) readings. While there is nothing groundbreaking about ECGs, what is putting them on the biometric map are tiny sensing devices than can connect your unique heart activity and electrical signals to wearable systems such as a Nymi wristband, which can recognize an individual based on his distinct cardiac rhythm.

How does Nymi work? According to a company whitepaper, the same electrical signal that doctors read can be picked up by simple connection to the wrists and hands. The basic requirement is two points of contact that cross the heart to complete a circuit. The device does not collect medically valid ECG information, but it is sufficient for biometric authentication as well as heart rate monitoring, according to Nymi.

6 of 7
Comment  | 
Print  | 
Comments
Threaded  |  Newest First  |  Oldest First
Sara Peters
100%
0%
Sara Peters,
User Rank: Author
8/12/2014 | 3:53:37 PM
correct me if I'm wrong
Cool stuff, Marilyn. I just wanted to verify: in order for palm vein scanners to work, the blood needs to be flowing, right? Therefore an attacker wouldn't be able to authenticate if they chopped off the legitimate user's hand. Right? 
Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
8/12/2014 | 3:57:59 PM
Re: correct me if I'm wrong
You've stumped me on that one Sara! (pun intended)... I'm #scratchingmyhead tryng to envision the scenario you've just described. Interesting plot for a horror flick though!
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
8/12/2014 | 4:05:35 PM
Re: correct me if I'm wrong
Check it out: http://www.biometricnewsportal.com/palm_biometrics.asp "In addition, the sensor of the palm vein device can only recognize the pattern if the deoxidized hemoglobin is actively flowing within the individual's veins." In other words, the blood's got to be flowing.

And Marilyn this whole chopping fingers off to use fingerprint scanners isn't just my own gruesome brainchild. It happened in Malaysia years ago: http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm

Luckily, some fingerprint scanners -- like the one on the new iphone -- only work if the finger is attached to a live body, because they detect the electricity emitted by a person's living body. http://www.webpronews.com/no-you-cant-use-a-disembodied-finger-to-get-past-the-iphone-5s-fingerprint-scanner-2013-09
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/12/2014 | 4:08:29 PM
Re: correct me if I'm wrong
Truth is indeed stranger than fiction! thx for the gory details. 
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
8/12/2014 | 4:10:36 PM
Re: correct me if I'm wrong
If I ever have a car that requires a palm vein scanner, I'll make sure I have the appropriate literature to hand to thieves when they think about taking my hand with them, and leaving me behind.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/12/2014 | 4:12:20 PM
Re: correct me if I'm wrong
good plan. Just print out this blog and message thread and put it in your wallet near your driver's license and credit cards. 
GonzSTL
50%
50%
GonzSTL,
User Rank: Ninja
8/12/2014 | 4:21:54 PM
Re: correct me if I'm wrong
The ultimate solution - unique DNA identification. Think Gattaca.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
8/12/2014 | 5:24:19 PM
Re: correct me if I'm wrong
I'm waiting for that eyeball scanner. So done with passwords.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/12/2014 | 6:14:32 PM
Re: correct me if I'm wrong
DNA is not a bad idea that can identify the individual uniquely. The main problem for those types of solutions is the fact that we do not want to be identified uniquely for a simple reason such as logining a system.
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
8/16/2014 | 10:16:55 AM
Re: correct me if I'm wrong
If we use DNA, what about twins?
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
8/16/2014 | 10:15:37 AM
Re: correct me if I'm wrong
Call me Mr. Sci-Fi but I would like to see authentication based on a persons unique electrical field.  Walk up to a device it detects the faint electrical field surrounding you and grants you access.
Marilyn Cohodas
0%
100%
Marilyn Cohodas,
User Rank: Strategist
8/18/2014 | 7:33:44 AM
Re: correct me if I'm wrong
Isn't that how Cardiac Rhythm works? That sounds like a pretty cool and promising biometric, although it sounds like it would require a wearable bracelet of some sort, which some people might find intrustive. (sigh)  No perfect solution. But we can't let perfect be the enemy of good!
Robert McDougal
100%
0%
Robert McDougal,
User Rank: Ninja
8/18/2014 | 8:10:49 AM
Re: correct me if I'm wrong
CardicRythm is pretty close, but you are right it requires that "intrusive" wearable bracelet.  I am hoping for sensors so sensitive they can detect the minute electrical fields surrounding us all.

Yeah, I am a big nerd.....
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/12/2014 | 6:18:09 PM
Re: correct me if I'm wrong
I would think fingerprint scanners have vulnerabilities, it would not be difficult to replicate it and simulate the electricity of live body.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/14/2014 | 11:33:02 AM
Re: correct me if I'm wrong
No security is fool proof, but I'm guessing it would be easier to guess (or hack) a password  a password than replicate a fingerprint. 
bpaddock
50%
50%
bpaddock,
User Rank: Strategist
8/15/2014 | 12:46:06 PM
Re: correct me if I'm wrong
For a short time period cars sold in Japan had fingerprint scanners in place of the door locks.  That technology rapidly went back to keys when thugs started cutting off fingers to steal the cars.

Show me a biometric scanner, such as one based on the eye, that will authenticate you after you've been hit in the face by an airbag in a car accident.  Airbags are *not* big fluffy pillows when you are going 50+ MPH.  How happy will you be that you can't call your family for help because your phone things they injured you, is not you?

 

 

 
bpaddock
50%
50%
bpaddock,
User Rank: Strategist
8/15/2014 | 12:46:16 PM
Re: correct me if I'm wrong
For a short time period cars sold in Japan had fingerprint scanners in place of the door locks.  That technology rapidly went back to keys when thugs started cutting off fingers to steal the cars.

Show me a biometric scanner, such as one based on the eye, that will authenticate you after you've been hit in the face by an airbag in a car accident.  Airbags are *not* big fluffy pillows when you are going 50+ MPH.  How happy will you be that you can't call your family for help because your phone things they injured you, is not you?

 

 

 
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
8/16/2014 | 10:20:02 AM
Re: correct me if I'm wrong
Call me paranoid, but I don't like fingerprint authentication.  It could be because of all of those James Bond movies but I see my fingerprint as a liability.

Let's say that someone wants to authenticate as me.  They follow me to starbucks where I proceed to buy an Venti White Mocha =), which I consume in the store.  I throw my empty container in the trash and leave.  The attacke walks over to the trash pulls out my empty container and now they have my fingerprint.
MarilynCoh
50%
50%
MarilynCoh,
User Rank: Apprentice
8/16/2014 | 1:02:54 PM
Re: correct me if I'm wrong
Ok. I concede that there is a lot of skepticism about fingerprints -- legitimate or not. But what about some of the other types? Eye, Palm, behavioral? Does any one agree with me that some type of biometric is preferable to passwords?
Bprince
50%
50%
Bprince,
User Rank: Ninja
8/27/2014 | 12:14:47 AM
Re: correct me if I'm wrong
I still believe in the good old fashion password, but I would like to see retina scanners used. Not like Minority Report exactly, but I think as an authentication measure I find it fascinating. 

BP
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
8/27/2014 | 7:09:31 AM
Re: correct me if I'm wrong
It could be a combo of the "good old fashioned" password with a biometric for a while. But I still believe the future is with biometrics... especially as these factors become more common and accepted. 
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
8/12/2014 | 5:41:04 PM
Re: correct me if I'm wrong
I'm going to have nightmares about that one. =)
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/12/2014 | 6:10:44 PM
Username / password old school
Thank you for sharing this article. Very informative. Username / password for credentialing will become old school very soon. We are already using picture password and two factor authentication more and more in critical systems. I am looking for those days that we can make authentication more easier for end users.
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I can't find the back door.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21275
PUBLISHED: 2021-01-25
The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protection against CSRF checks on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of Medi...
CVE-2021-21272
PUBLISHED: 2021-01-25
ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the ...
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting