Biometric technology has long been touted as the replacement for traditional passwords, and many security researchers are investing in research into the technology. Consequently, any successful hacking of a biometric system makes big news, regardless of the context or the ability to recreate the attack at scale.
In a matter of just two weeks, we heard that Samsung’s Galaxy 8 Iris Scanner was bypassed by the infamous Chaos Computer Club; BBC reporter Dan Simmons was able to have his non-identical twin brother successfully spoof voice biometrics; and four researchers from New York University and Michigan State University were able to develop a set of artificial “MasterPrints” that could fool as many as 65 percent of mobile devices relying on fingerprint technology.
With so much potential for security compromise, it’s reasonable to ask if biometric authentication for the masses is doomed on arrival. Biometrics are powerful tools that strengthen security and improve user experience. Many financial institutions have been leveraging voice biometrics successfully over the past few years. Even as security research continues to show some weaknesses in biometric technologies, it’s much less vulnerable to attacks than alternatives such as SMS one-time passcodes or knowledge-based questions. But, as we often say, there are no silver bullets for security and fraud prevention.
One of the keys to properly leveraging and integrating biometrics is to utilize overlapping layers of security. This can deter criminals from attacking specific organizations, as their costs drastically increase when they try to break through multiple layers of protection, the same way thieves are less likely to rob a house that has more than one security measure protecting it.
What is currently being done in order to create layered security strategies? One method is to limit the number of attempts allowed when attempting to access secure systems and to increase the match threshold, reducing the likelihood of unauthorized access. Adding any number of additional security measures to supplement biometric technology further ensures a strong, secure fraud barrier.
A holistic, multi-layer security strategy is key to significantly improving authentication methods in terms of customer experience, efficiency, and security; including biometrics in such a strategy only further helps with that improvement.
At Easy Solutions, we are committed to helping our clients create and implement a multi-layer security system. The most recent version, DetectID Mobile Authentication, now includes support for all types of biometrics. Using push notifications and a secure, encrypted communication channel, your transactions will be protected by a system that is completely resistant to attacks, ensuring complete authentication that the transactions are being performed on trusted devices.
The newest version of Detect ID makes it even more convenient than before to use this method of authentication, with a built-in notification tray where users can see missed push notifications or notifications cleared by mistake.
For more information, visit our page on Detect ID.