Subscribe by Email

Your email:

Browse By Date

Biometric Security and Control Blog

Current Articles | RSS Feed RSS Feed

Biometrics--A World Without Passwords

If you had to choose between the use of passwords and personal identification numbers and not using any, which would be your pick?  What if you could have extra security and added convenience by not using any passwords ever again?  Surprisingly, this no-password technology is here and is growing rapidly.  It is called biometrics, and you will travel this road in no time.

Biometrics involves the use of automated methods of recognizing an individual based on his physical or behavioral characteristics.  Some common commercial examples are fingerprint, face, iris, hand geometry, voice and dynamic signature biometric authentication.

Looking back, do you remember the day you decided to switch from dial-up to broadband technology?  Biometrics will have the same effect once adopted by the masses.  
The decision to switch to broadband had two common denominators: speed and convenience.

In the password world, the same analogy applies.  What if you could achieve higher security combined with added convenience and efficiency without ever using passwords?  Is this a good justification for another major revolution?  Perhaps not yet, because many react to implementing security only after experiencing a crisis.

The solution that could simplify password security issues is biometrics. Biometrics provides an additional layer of security, efficiency and convenience for both users and IT administrators alike.  

Here are a few facts you should know about most biometric solutions:

In general, a biometric solution is non-intrusive.  Using biometrics, the fingerprint image is extracted into a binary template, then converted into an encrypted template and either stored onto the hard drive or sent over the network to a matching server.  Reverse engineering to convert this data back into the fingerprint image is virtually impossible.  Recent advances in capture hardware, such as some of the newer fingerprint devices, are producing better images with a smaller mechanism at a lower price compared to just a few years ago while, at the same time some can detect "liveness" of the fingers to help prevent enrollment or authentication by a dead or fake finger.

An additional consideration should be the ability of a system to operate seamlessly in multiple application environments, and across multiple devices from different vendors.  This is known as interoperability.  To be truly interoperable, a biometric solution should be able to operate on many databases, web application servers and many biometric capture devices.  One might say the system should have the equivalent to open source architecture, much the same as Java became an interoperable platform that served as a catalyst to the widespread use of Application Servers.

Biometric Identification: Are Privacy Concerns Warranted?


We see today the inexorable movement to the adoption of biometric identification for the securing of many applications from logical and physical access to various forms of credentials such as driver's licenses, passports, and frequent flyer identification cards.  How are we to interpret this shift to biometrics?  Should we consider that such techniques are an invasion of our privacy?  Are Michael Chertoff's statements that  "a fingerprint is hardly personal data because you leave it on glasses and silverware and articles all over the world, they're like footprints. They're not particularly private" reflective of the beliefs of the populous at large?

It appears that the primary concern of all people should be the convenience and greater security that biometrics produces as well as the degree to which biometric templates are themselves secured.  Any popular biometric identification system should include safeguards as to the integrity of its storage of biometric templates, strength of encryption, and resistance to be spoofed or hacked.  By incorporating these features, the privacy of the biometric templates and attendant data of the system's users can be virtually assured.  If these attributres are present, then the enhanced security provided by the use of biometric identification and biometric authentication can be confidently utilized to make our lives more secure and less vulnerable to attack. 


All Posts