We’re reaching a stage where a lost or stolen phone can intuitively shut down all its apps because it knows it’s not the owner tapping away on its screen, and where banks are actively testing these types of systems as alternatives to passwords and PINs. Therefore, when it comes to security, one can safely assume that behavioural authentication, already on the rise, will be the next great frontier in device authentication, writes Richard Lack, Director of Sales, EMEA at Gigya, an identity and access management IT product company.
Take Project Abacus, for example, born from the desire to find a way to make authentication systems device-driven rather than human-driven. The project was first introduced to developers last year; Google partnered with multiple universities, as well as 25 experts from 16 institutions, to create a system which, according to Google, is now ten times more secure than fingerprint authentication.
Daniel Kaufman, head of Google’s ATAP (Advanced Technology and Projects) research unit, recently announced Project Abacus as the next step in the company’s war against the password. Not to be confused with Google’s already launched Smart Lock system, which uses trusted locations and face recognition to allow you to unlock your device with a PIN or password, Project Abacus takes this idea of trust one step further.
Running continuously in the background while you use your device, it begins to get to know you, and gathers data about you and your usage patterns – for example, typing patterns, current location, speed, and voice patterns – and uses that data to create your own, unique trust score. Driven by the brains behind Google’s search and machine intelligence groups, their Trust API is believed to be so reliable that even the most highly sensitive industries are engaged in testing it out.
What does this mean for the future of customer identity management processes?
Our recent survey found that 52 per cent of consumers would choose anything but a traditional username and password account registration when given the option. Currently biometric identification is seen as the higher standard for verifying identity. Not only is it not prone to forgetfulness like the password; it is also more secure. What’s more, 80 per cent of consumers believe biometric authentication is more secure than traditional usernames and passwords, which often end up on Post-It notes.
And it appears that the next generation are ready for biometrics. Our research found that almost half of Millennials claim to have used at least one form of biometric authentication, with 66 per cent claiming to own at least one device that offers some form of biometric authentication. What’s more, the UK retail banking sector has seen some extraordinary developments in the last two years, including HSBC, which recently announced the ability to open bank accounts with a selfie. It seems the penny has finally dropped, and companies are now competing to identify their customers securely without the howling frustration of complex passwords and secret answers.
What should businesses be aware of?
Biometric authentication is a powerful enabler, allowing businesses smart enough to deploy it to significantly increase rates of registration, gaining data and insight about their customers, while also increasing customer security. This is a win/win scenario which sounds the death-knell for awkward and insecure passwords sooner than we may imagine.
Nevertheless, all forms of biometric security have their weaknesses. Iris scanning, which was recently announced on Samsung’s new devices, can be fooled by simply holding up a photograph of the user, which is why Samsung asks its users to blink. Fingerprint verification has been hacked using simple Play-Doh, and there are numerous accounts of phones being unlocked while their owners are either asleep or incapacitated due to alcohol. Therefore, while biometrics can offer a powerful form of authentication, it is essential that people understand the importance of protecting their biometric credentials.
Current industry estimates tend to agree that the typed computer password, which celebrates its 45th birthday next year, is either dead or dying and will be a shadow of its former self by 2020. Apple and Samsung have both put biometric identification on the front line of their devices and payment systems. Over the next few years we can expect to see this technology creep into all handsets, laptops, PCs and even vehicles. The password will be well and truly dead, left behind not only by the likes of iris scanners and fingerprint technology, but also by new and exciting behavioural authentication methods. Will your business be prepared for the next step in biometrics?