SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Passwords being phased out in favour of biometrics
Mon, 11th Jan 2016

Passwords are being phased out as biometric security options take centre stage, according to new information from security software firm Wynyard Group.

The Auckland-based company says consumers are struggling to remember multiple and more complicated passwords brought about by an evolving cyber threat landscape.

“Experts claim the password system is broken and combinations are now so complex that an alternative is required that is far more difficult to duplicate or steal – making body parts the ideal solution,” the company says in a statement.

According to Biometrics Research Group, 650 million people will be using biometrics on mobile devices alone by the end of this year.

ATMs, cars and briefcases have also now been secured with both fingerprint and palm vein pattern recognition technology. “Next year, a gun-lock that will only release the trigger when the owner's finger squeezes is set to be launched,” the company explains. “And companies are increasingly experimenting with more unusual identifiers.”

For instance, banking apps are now using digital readings of face shape to access financial details, while other apps require iris, heartbeat and even brainwave patterns.

According to Wynyard, this new wave of biometric identifiers has led to concerns regarding criminals' ability to replicate this data. Hackers have recently shown they could bypass Apple's Touch ID, which requires a fingerprint, by taking a photograph of the fingerprint on a glass surface and using it to create a false finger.

German defence minister Ursula von der Leyen had her thumbprint cloned by a hacking group, which took a photo of her hand from a distance at a press conference, Wynyard says.

One solution to this issue is to require multiple personal identifiers, so-called multi-factor authentication, requiring for example both a fingerprint and an iris for recognition, the company says.

“This does not however address the issue of what could happen if biometric personal information is stolen,” Wynyard says. “Only this year, the fingerprints of 5.6 million U.S. federal employees were stolen. Whilst passwords can be changed, a fingerprint cannot, meaning any future accounts protected with biometric data could be compromised.”

If 2015 was the year of the breach with almost weekly breaches of company networks being made public, then 2016 could be the year of the exploit with stolen personally identifiable information – including biometrics – exploited to commit fraud, replicate identities and compromise consumers, commercial organisations and intelligence activities, the company explains.

This will increase the hacking of organisations that hold DNA and other data like fingerprints as these unique signatures are increasingly used more often for authentication to devices and services.

“This growing area of criminal activity will demand a more rigorous approach to monitoring threat levels across organisations through specialised cyber security and intelligence software,” Wynyard says.

More companies are now focussed on rapid detection of malicious activity rather than its prevention, with the use of advanced analytics.

“Whereas conventional security solutions look for signs of malware code and other indicators of malicious threats, security cyber-analytics monitor network activity for tell-tale signs of cybercriminal behaviour.

“Activity might be documented within the logs of security software, network hardware devices, or user behaviour,” the company says. “This is all essential information that forms a powerful body of evidence which companies can leverage to fight back against unwanted intruders intent on stealing the most valuable and personal information of all.”