Use of biometrics has long been touted as the best way to overcome the vulnerabilities associated with password- and token-based authentication. With nonbiometric authentication, as long as people enter the correct combination of user name and password, either memorized or generated, they are granted access, regardless of who they actually are—users are authenticated but not positively identified.
This inherent weakness is forcing companies with valuable information assets to seek better ways to control access. In this report, we examine the benefits and drawbacks of biometrics as a means of authentication, provide a snapshot of available biometric authentication technology and consider what the future may hold when it comes to this intriguing technology.
Given that biometric technology has been around for quite a while, it may seem odd that its use is not more widespread. Some of the problems concern the accuracy and efficiency of mapping biometric data to an individual's identity.
Other factors have also slowed the adoption of biometrics, and many of them have to do with cost. The price point of the technology required to implement a biometrics system fast and accurate enough to deliver an acceptable identification process has only recently dropped to levels that make it a viable option beyond government and military systems.
Readers and authentication servers that process biometric data are still more expensive than alternative authentication systems such as challenge-response or one-time password (OTP) tokens. There is also the cost of enrollment, the process of adding users to the system, which is a prerequisite for any kind of authentication.
Given all of biometrics’ drawbacks, why do governments and large enterprises rely on the technology to control access to sensitive data and restricted areas, and why are smaller companies also starting to deploy biometrics?
With rising threat levels, increasing systems interconnectivity, and the mounting volume and value of data being held and shared by computers connected to the public Internet, data owners are reevaluating their access control methods. There is a growing need to go from checking that someone has the correct login information to ensuring that the person using the information is also the rightful owner of the information.
The only way to achieve this is by using biometrics. The ubiquitous user name and password combination can be too easily guessed or obtained by an adversary. Tokens such as OTP generators have an inherent weakness—they can be stolen. But criminals can’t guess fingerprints the way they can guess passwords, and users can’t forget their fingerprints the way they can forget their passwords.
Biometric systems also have lower administrative overhead: no more password resets; no lost tokens; no distributing, renewing and replacing tokens; and no revocation procedures for lost and stolen tokens.
For a closer look at the biometric authentication options today -- including DNA profiling, ear recognition, face recognition, gesture recognition, handwriting analysis, palm scanning, typing recognition, and voice recognition -- and some recommendations on where and when to use them, download the free report.