Biometrics: Where do we stand?

Friday, April 16, 2010

Aaron Simmons


New Hampshire recently voted down the bill (HB 1409) and sided with the Security Industry to allow Biometrics.  So now that security is becoming a priority, where does it stand in the role of Authentication Verification? 

There are several methods for verification, (Biometric, PIN, Token and even Telephone Call Back/SMS).  Each one of these has its pro’s and con’s, especially depending on the market you are securing!

Some Compliance Regulations even call for this type of verification, including the Department of Homeland Security has a Directive for dealing with Biometrics.  However, some proponents of Privacy laws are pushing to halt the use of Biometrics.

So the question is; How can it benefit you in your sector, without becoming a liability?

Possibly Related Articles:
Firewalls IDS/IDP Network Access Control Network->General
Biometrics Authentication
Post Rating I Like this!
Ruben Ramirez If we are talking acceptable liability regarding privacy, Biometrics can be a viable solution especially when using several approaches to securing the identity data (i.e. fingerprint, etc) Regarding a given biometrics system, its security and storage of Authentication data, it does not have to store the true identity data of a given person. Hashing the user’s identity data and storing the hash instead if the true data can solve the problem of an adversary successfully identifying a user from ill-gotten stored identity data. There are other ways that can be expanded on such as air-gaping, etc. The remaining question is whether or not there are enough facts that can be presented in order to gain customer acceptance for Biometrics.
Cr00zng Around While it's true that there are number of different authentication method that's available as stated, the financial implication and customer acceptance had put a dent into its utilization across the board. Certainly, the government organizations with your taxes paid can require biometric authentication; however, try to convince your company that it is the way to go.

Not to mention the fact that biometric authentication isn't 100%; all of them have false acceptance/rejection ratios that can make your end users and security administrators miserable at times. for the time being it's better to stick with "tried and true" technologies, such fobs, or RSA tokens. Most of these systems do support software tokens as well that might just be the next authentication type that will be deployed widely.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.