FindBiometrics

On-Device Authentication Month: The Post-Password Internet

May 10, 2018

Let’s be honest: while the proclamation of the password’s death came frequently over the past four years, outmoded text-based security has refused to stay in the ground. If the password was dead in 2014, then it is now an undead monster, omnipresent and dangerous, in need of a full-on purge. We need a cure for the undead password, putting our twelve-character security corpses to rest so we can build a safer and more convenient digital community.

For a long time, FIDO standards have been heralded as the cure to the password problem, and now, thanks to the WebAuthn and CTAP standards introduced as components of FIDO2, there is finally a delivery method for bringing strong online authentication to everyday internet users.


The Password Has Failed

Passwords have failed us for longer than we’ve had viable alternatives. By their very nature, strings of alphanumeric characters just aren’t secure. Completely knowledge-based, passwords can be shared, deduced, stolen, guessed and hacked without any physical intervention. In the world of the internet, that means anyone, anywhere can potentially gain unauthorized access to secured accounts.

But susceptibility to IT villainy is only half of the story. Because passwords are vulnerable to hacking, an evolving set of best practices has emerged to make the average password just difficult enough to crack that it’s not worth a hacker’s time. Users should never reuse passwords, and every password should be at least 12 characters long and contain uppercase letters, lowercase letters, numbers and symbols. Passwords should not contain or be based on words found in the dictionary (swapping es with 3s doesn’t cut it). The best passwords are nearly impossible to memorize individually, and given that the average internet user has multiple password-protected accounts for banking, music streaming, email, cloud storage, food delivery, online shopping, retail loyalty programs, movie streaming, app stores, social media and more, the task of committing so many obscure codes to memory is herculean.

Survey findings from Digital Guardian, taken from a sample of 1,000 randomly selected Google users in 2017, revealed that 61 percent reused passwords across multiple accounts. It’s no surprise that this is the case. IBM’s 2018 Future of Identity Study, based on survey results taken from nearly 4,000 adults in Europe, Asia and the US, showed that, especially among younger Millennials, convenience is paramount in the login process.

Replacing Passwords

Biometrics solve all of the password problems, and consumers understand this. The research report Mobile Biometrics in Financial Services: A Five Factor Framework, conducted by Mastercard and the University of Oxford’s Department of Computer Science, showed that 90 percent of its 449-person survey sample believe biometric security is better than passwords. Once again, the conclusion follows directly from the very concept of the authentication type.

As biological identifiers, biometrics can’t be shared, guessed or hacked in the traditional manner. The closest equivalent of a traditional password-cracking attack is the presentation attack, or spoof, in which a bad actor creates a false body part modelled after the user in order to pass as that user and bypass the biometric security. The highest-profile presentation attacks are conducted on iPhones whenever Apple’s smartphone line undergoes a biometric upgrade. For instance, last autumn a research lab by the name of Bkav used expensive and painstakingly constructed masks to spoof Face ID on the iPhone X.

Where on-device authentication goes even further in this regard is that it removes all risk of a remote hacker. Because the template storage and matching process happens within a secure element on the device being used to authenticate, a hacker can’t simply scrape photos from your Facebook profile and present them to their own webcam in order to gain access to your online banking. Any would-be fraudster must not only create a working spoof of your face, but must also steal the physical device that you use to authenticate for that specific service. Given that individual banking credentials barely fetch enough on the black market to cover the cost of materials to spoof an iPhone X, let alone the time and risk of nabbing your phone, there is little to worry about in terms of becoming a random victim.

The New Online Experience

The security aspect aside, the post-password internet is simply going to be more user friendly. Biometrics are intuitive, easy to use and impossible to forget. Last week, Twitter sent a message to every single one of its users, owning up to a security mishap that left passwords exposed on an internal database. As a result, they recommended a password change. Sure enough, because most users access Twitter via an always signed-in mobile app, they couldn’t remember their initial passwords in order to authorize their new security code. I was among these users and sure enough I had to do the cumbersome ‘forgot password’ reset involving email and second factor authentication, as well as updating my password manager apps. If biometrics secured my app, none of that would have happened. And if those biometrics were on-device, Twitter’s incompetence wouldn’t have affected me in the first place; a breach of their servers means nothing to the user whose credentials are in a secure element.

The change will feel natural and come as a relief. WebAuthn is supported by Microsoft Edge, Mozilla Firefox and Google Chrome, meaning that support for device-based authentication can be built into the very browser most users use to access their accounts in the first place. FIDO2’s CTAP standard, meanwhile, takes advantage of the familiarity with biometrics brought about by the mobile revolution that kicked off five years ago. Biometric authentication is available on all phones, and soon, those phones that are FIDO compatible will be used to log in to the currently password-protected spaces.
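The device-bound model described above can be sketched in a few lines. This is an added example, not code from the article or from the FIDO2 specifications: it is a simplified challenge-response in the style of WebAuthn (no attestation, counters or CBOR), and the function names and the `login.example` origin are hypothetical.

```javascript
// Added illustration: simplified WebAuthn-style challenge-response (not the full spec).
const crypto = require("node:crypto");

// Device side: the private key is created on the authenticator and never leaves it.
function createAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return {
    publicKey, // the only value sent to the server at registration
    // A local biometric match (modelled here as a boolean) unlocks one signature.
    sign(challenge, origin, userVerified) {
      if (!userVerified) throw new Error("local biometric match failed");
      const clientData = JSON.stringify({ challenge: challenge.toString("hex"), origin });
      const signature = crypto.sign("sha256", Buffer.from(clientData), privateKey);
      return { clientData, signature };
    },
  };
}

// Server side: holds one public key per user and issues a fresh challenge per login.
function verifyAssertion(storedPublicKey, expectedChallenge, expectedOrigin, assertion) {
  let parsed;
  try { parsed = JSON.parse(assertion.clientData); } catch (e) { return false; }
  if (parsed.origin !== expectedOrigin) return false; // signed for a different site
  const got = Buffer.from(String(parsed.challenge), "hex");
  if (got.length !== expectedChallenge.length) return false;
  if (!crypto.timingSafeEqual(got, expectedChallenge)) return false; // stale or replayed
  return crypto.verify("sha256", Buffer.from(assertion.clientData),
    storedPublicKey, assertion.signature);
}

function demo() {
  const origin = "https://login.example"; // constructed relying-party origin
  const device = createAuthenticator();
  const serverDb = { alice: device.publicKey }; // everything a server breach would expose
  const challenge = crypto.randomBytes(32);
  const good = device.sign(challenge, origin, true);
  const lookalike = device.sign(challenge, "https://login.example.evil.test", true);
  // A party holding only the breached database has no matching private key.
  const otherKey = createAuthenticator().sign(challenge, origin, true);
  return {
    genuine: verifyAssertion(serverDb.alice, challenge, origin, good),
    replayed: verifyAssertion(serverDb.alice, crypto.randomBytes(32), origin, good),
    wrongOrigin: verifyAssertion(serverDb.alice, challenge, origin, lookalike),
    breachOnly: verifyAssertion(serverDb.alice, challenge, origin, otherKey),
  };
}

console.log(demo());
```

The server-side record contains no secret, which is why a database exposure like the one described above does not force a credential reset in this model.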

In the end, the post-password internet will be less frustrating. We live on the internet, and the restricted spaces where we expect privacy should be treated like our private spaces in the real world. We demand at least second factor security for our front door, our mailbox, and our office, and now we will finally have that same assurance and convenience for our email, bank accounts, and social spaces.

*

Stay posted to FindBiometrics throughout May as we continue to bring you more On-Device Authentication Month coverage. Be sure to sign up for our upcoming webinar, Preparing For a Post-Password Internet, for an in-depth and interactive discussion on the topic with an expert panel.

On-Device Authentication Month is made possible by our sponsors: Nok Nok Labs, Aware, Inc., and Daon.

—

May 10, 2018 – by Peter B. Counter
