Five Questions to Ask Before You Deploy Biometrics
With Apple and Samsung incorporating biometric authentication into their smartphones, biometrics went from being nerd talk to cool user experience. The convenience of a simple finger tap or a look into the camera to unlock your phone, as opposed to entering a password, has lured millions of users into biometrics. If consumers are drawn to biometrics because of its convenience, businesses are drawn to it because of its security.
Companies managing sensitive information, such as those in the financial, technology, and government sectors, are prime examples of industries relying more and more on biometrics. This type of security is becoming a prominent alternative; users don’t need to memorize complex passwords and biometrics are virtually impossible to spoof.
If you are considering biometrics to authenticate users at your company, here are five important questions you should answer before committing to a biometric solution.
1. Do I need biometrics if I already have strong perimeter security?
This question is one you probably assessed before starting your biometric solutions journey, but it is important to go over it again.
Network perimeter refers to the boundary between networks. On one side you have your network, and on the other you have anything that your network may connect to, such as the internet. Also called “gateway to the internet,” a network perimeter acts as a first layer of defense protecting your internal systems and data. This is accomplished using devices or tools like firewalls and load balancers, which block unwanted or unsafe traffic.
The challenge with this security model is that once a device or user is within the security perimeter, it is able to freely navigate the network. In other words, anything that is inside the security perimeter is considered secure - which might not always be the case.
Meanwhile, user authentication involves constant verification of a user, device, app or network, regardless of whether they are inside or outside your firewall. Frictionless solutions, such as ImageWare’s GoVerifyID, allows users to effortlessly and securely authenticate their identity as many times as necessary, conforming with Zero Trust efforts and other security initiatives. The idea is to verify every request for access to your data. This shields a network from an attack by limiting the reach a user might have.
2. How do you plan to capture biometric data?
There are multiple ways to capture biometrics. The most commonly used are facial, voice, fingerprint, retina, and palm. There are also unconventional ways such as dental, ear geometry, and even DNA!
When choosing which biometric system to implement, always consider the environment around your end user. A fingerprint sensor may be an unfit solution in freezing climates, since removing gloves could be unpleasant. Voice recognition is challenging in noisy or crowded areas, where users may be shy of speaking numbers out loud and environmental noise may disrupt the biometric collection.
A provider with a wide range of biometric options will find the best solution that works for you, focusing on your requirements, expectations, and other peculiarities.
3. Where do you plan on storing biometric data?
This question is interesting because its a tricky one. The answer is: you do not store biometric data as raw images.
It is ironic how proper storage of biometric-related data is one of the most vital aspects in secure IT infrastructures, and yet news of data breaches that could have been prevented with the right security measures is quite common.
ImageWare, the company with the most cited multimodal and anonymous storage patents, suggests a couple of best practices:
Store biometric templates, not biometric images
Raw images can be easily used to replicate a biometric in an attempt to spoof a security system. Biometric templates, which are a mathematical representation of a biometric, are virtually impossible to reverse-engineer back into a raw image of a biometric. In this way, even if biometric templates are compromised, they will be useless to a hacker.
Store biometric templates and personally identifiable information separately
In the unimaginable case that hackers are able to reverse-engineer a biometric template back into a biometric sample, they will still need personal information to tie to that biometric. By having both databases separately, hackers would have to break into two sets of servers, reverse-engineer biometric templates, and figure out which biometric belongs to which user.
4. How user-friendly is your new solution?
Authentication systems must be easy to use, otherwise adoption rates will be low and abandonment rates high. Solutions that add friction to the process, such as 2FA, will annoy users and increase authentication time. Biometrics, on the other hand, relieve end users of having to memorize complex passwords, authentication takes only a few seconds, and you do not need to have your phone with you or memorize any passwords. Users will be drawn to biometrics due to the security it provides and will continue using it due to its convenience.
5. Does your new solution work across devices and platforms?
Just like any other software, your chosen biometric system has to be compatible with the devices and platforms that you are using within your organization. As exemplified by GoVerifyID, which is compatible with all major operating systems (Windows, Mac, Linux, iOS, and Android), your biometrics should work flawlessly with your existing technology and processes. Biometrics should augment and improve your overall access management security, not make it more challenging or take longer.
Biometric authentication systems are the ultimate combination of security and convenience. However, not every system is the same. It is essential to know how you will capture biometrics, how your biometric-related data will be stored, how easy it is to use the system, and how it will integrate into your current operating systems and processes. ImageWare provides extremely flexible solutions that range from turnkey products to customizable SDKs, ensuring an ideal system will be deployed at your company.
Contact us today to find out how we can develop the right biometric system for your business!