Biometric authentication: the key to keeping businesses and users happy?

You’re already paying for biometrics in business laptops, so is it time for your business to start using them?

Fingerprint and barcode

Even when there isn't a scare about whether hardware tokens like RSA's SecureID might have been compromised, two -factor authentication still means a physical device your users can lose as well as a password they can forget. Biometric authentication is more convenient - it's hard to leave your finger or voice at home. It's also potentially more secure employees are less likely to log someone else in with their own biometrics unless there's a serious threat to their safety, which is a different problem entirely.

Advertisement - Article continues below

Fingerprint-based biometric solutions are the most common form. Many business laptops and keyboards have a fingerprint reader built in that you can use for federated single sign-on to enterprise apps as well as just logging into Windows and saving passwords for websites. Fingerprints can be used as an additional security measure that doesn't interrupt what the user is doing the way having to swipe a token or smartcard again does. If you want to make bankers re-authenticate to authorise a stock trade over a certain level, you need to do it quickly enough that the trading situation doesn't change.

Other systems scan vein patterns in the finger (Hitachi) or the palm of the hand (Fujitsu). They can still recognise a user if they have a cut on their finger - dirt and antibacterial hand gel also cause problems for fingerprint readers in industrial locations - but you'll need to buy, install and integrate them. Having users register a couple of fingers on each hand is usually enough to avoid the issue in a business environment.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Facial recognition and iris scans still tend to be either too unreliable or intrusive for general use and voice print recognition has some interesting applications, especially for customer-facing operations that have the scale to make the cost and complexity of implementation worthwhile. But the majority of biometrics in use today involves fingerprints for PCs and many other devices.

Every prescription written in the state of Ohio requires strong authentication and one of the popular methods is fingerprint recognition. That's carried out on the PC but adding fingerprint authentication to printers means confidential documents won't be sitting waiting on the printer for anyone to pick up as they walk past, and swiping a finger is less irritating for the kind of senior staff who need to print such documents rather than having to remember a PIN or token. You'll need to integrate this with a document security system. As an example, Ricoh recently added a fingerprint option (for both new and already installed printers) that works with Equitrac document protection software and BioStore's identity management system.

Advertisement - Article continues below

Biometrics aren't just useful for protecting confidential data. Construction firm Killby & Gayford is using custom fingerprint readers (built for personnel management software supplier Simeio by Psion) that also record a signature. That means the firm can accurately log hours worked by sub-contractors on building sites and automatically generate invoices, as well as proving that workers have read the safety rules for each site and simplify checking the roll call if there's an emergency. Using the information to generate accurate invoices has avoided concerns about spying on staff by showing the system is useful to everyone. But, equally, productivity has improved too.

Convenience is a big part of the attraction for healthcare, along with security and compliance. "A doctor logs on and off 20 or 30 times a day," points out David Ting, the chief technology officer (CTO) of Imprivata. "If I only need to log in occasionally, I'm prepared to put up with any login method. But if I have to do this repeatedly, give me something that is secure enough but at the same time make it easy for me."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Retailers and restaurants are increasingly deploying biometric point of sale (POS) terminals to improve productivity, especially in situations where there are a lot of cash sales and temporary staff the usual alternatives of video surveillance and analysing transactions tend to be expensive, time consuming and don't make employees feel personally accountable.

Tokens are easy to pass back and forth between staff (and expensive to replace if an employee takes one when they leave) and passwords need to be reset regularly because of staff turnover. In addition to recording hours worked more accurately, the accountability of biometrics discourages unauthorised transactions or outright fraud. Hospitality businesses often see a return on investment in as little as 30 days. It also helps the business comply with PCI regulations for handling credit cards, which include giving each employee a unique ID.

Many cash registers let you connect a fingerprint reader as an internal module or a peripheral. Hertfordshire pub chain Giant Macaskills recently installed Unipower's touchscreen Bar POS system in its bars and Unipower integrated Digtial Persona U.are.U fingerprint readers into the terminals. DigitalPersona has a OneTouchfor Windows SDK that simplifies adding biometrics to existing apps, and the DigitalPersona Pro server is available both as a workgroup system that supports authentication through a web service without Active Directory (AD) or requiring devices that are connected to a domain.

Advertisement - Article continues below

There's also an enterprise version that integrates with AD by extending the schema, which can be centrally managed through group policy along with the rest of your systems. That means businesses can set the same identity and authentication system in the retail environment and the back office for invoicing and accounting. German bank Sparkasse has recently used the DigitalPersona system to move all internal users to biometric authentication for Windows as well as hundreds of applications.

Advertisement
Advertisement - Article continues below

The alternative is an appliance like Imprivata's OneSign which works with identities from AD and LDAP. You need to deploy agents to PCs and set up policies to enforce biometrics but you don't have to make any changes to the directory infrastructure or AD schema, which some companies find disruptive.

Fingerprint and hand biometrics have another advantage; you can use them for access to more than PCs and devices. A unified authentication and access control system lets you limit entry to specific areas, or if you want to use contextual security that stops a user logging into a PC if they haven't actually been registered as coming through the door into that area.

Advertisement - Article continues below

That's also handy if someone tries the common trick of setting off a fire alarm to empty the building so they can get access to corporate PCs - people don't always stop to log off when they think there's a fire. A system like Overtis that links your physical security system to biometric access controls on computers will automatically lock them down in the case of an alarm sounding.

Voice biometrics are useful for remote authentication, like adding a level of security to self-service password resets - and with the spread of smartphones you can do it without the cost of buying devices like fingerprint readers.

HTK's Horizon Password Reset service, for example, only accepts calls from approved numbers and uses voice verification with pre-enrolled pass phrases. There are also fall back options of PINs and text messages for approval. It's a hosted solution that HTK can customise to integrate with AD or LDAP and the company is working on out-of the box integration.

Advertisement - Article continues below

Estimates of the IT cost to manually reset a password range from 30 per password to 92 per user per year depending on your environment. If you use fingerprint biometrics, you can avoid having a password to reset altogether.

Advertisement
Advertisement - Article continues below

If you want to try something much more experimental that could become mainstream fairly quickly, the Mobio project at the University of Surrey has facial and speech recognition apps for the iPhone aimed at improving security for consumers. Some call centres are also looking at using voice recognition to avoid fraud. ValidSoft can confirm user identity from a voice print and also confirm their location from the mobile phone mast they're connected to.

Although it takes greater investment in the backend systems, one advantage of voice biometrics is your users almost certainly already have smartphones you can use instead of having to buy dedicated hardware. This makes it a more acceptable choice for services as well.

Advertisement - Article continues below

"As smartphone ownership becomes more commonplace we're likely to see biometrics being deployed through these devices," said Alex Bazin, head of biometrics at Fujitsu. "This will most likely be using voice biometrics to secure access to cloud-based services."

Historically, biometric progress has been hindered by integration complexity and cost. There's also a psychological issue around storing and tracking users with such personal information.

But systems don't need to store live biometric data that could be retrieved and misused. Instead they store a detection pattern that the fingerprint is compared against which can't be used to generate a copy of the fingerprint. The database of that information should be stored in a secure and encrypted manner.

The way that the fingerprint recognition is presented has a big impact on how users feel about it. "If you have a system that shows a live video of their fingerprint users tend to bristle because it draws attention to the privacy issue," added Ting. For many users, as long as your system is set up in a secure and privacy respecting way and the authentication doesn't feel intrusive, the convenience of biometrics will more than outweigh any concerns.

Advertisement - Article continues below

Biometrics isn't the solution to every problem though. Sometimes it's overkill and you'll want a system that allows a mix of authentication methods. And it's down to businesses to decide what they want to achieve, according to Ting.

"You need to decide if your goal is to be ultra secure or to get a combination of security and productivity or just to make it more convenient," he added. "You have to think through what you're trying to secure. What is the impact on my user, what is the impact on my IT department?"

With increasingly simple and inexpensive biometric solutions, even small businesses look set to benefit. Once set up, a biometric-based solution gives you secure authentication with little on-going management, according to Benjamin Boulnois of DigitalPersona.

"If you have a 200 person company the IT manager has to be a jack of all trades. The question they ask is How do I do data security easily?'" he said.

"The average IT manager has 11 minutes of spare time a day. These are people whose job is not to be in security."

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Recommended

Visit/security/privacy/355182/government-to-launch-coronavirus-contact-tracking-app
privacy

UK government to launch coronavirus 'contact tracking' app

1 Apr 2020
Visit/software/video-conferencing/355180/zoom-does-not-use-end-to-end-encrypted
video conferencing

Zoom admits meetings don't use end-to-end encryption

1 Apr 2020
Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020

Most Popular

Visit/security/privacy/355155/zoom-kills-facebook-integration-after-data-transfer-backlash
privacy

Zoom kills Facebook integration after data transfer backlash

30 Mar 2020
Visit/security/data-breaches/355173/marriott-hit-by-data-breach-exposing-personal-data-of-52-million
data breaches

Marriott data breach exposes personal data of 5.2 million guests

31 Mar 2020
Visit/security/cyber-crime/355171/fbi-warns-of-zoom-bombing-hackers-amidst-coronavirus-usage-spike
cyber crime

FBI warns of ‘Zoom-bombing’ hackers amid coronavirus usage spike

31 Mar 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020