Monday, July 6, 2015

Imagine No Passwords: It's Easy If You Try

You may say I'm a dreamer, but I'm not the only one. Well, it is a bit of a dream, but it will happen, and it is a must for digital organizations that need to move forward quickly to transform and adapt to change. See http://jimsinur.blogspot.com/2015/06/security-is-boat-anchor-to-digital.html

Biometric technologies hold big promise and have for years, but they all seem to have problems. We are seeing all of them roll out at the same time. The question is which one dominates and makes passwords passé. Let's dig a little into each approach.

Voice:

Voice authentication seems well-suited to smartphones: They’re already designed to handle the human voice, and include technologies like noise filtering and signal processing. Approaches to speaker identification vary, but they all have to handle variations in speech, background noise, and other differences. As long as there is no static PIN, there is hope here of foiling recordings. Voice prints will have to be guarded in a way that keeps local phone storage and spying from exposing them.


Finger Printing:

Typically, users swipe a finger over a narrow one-dimensional scanner, and the system compares the data to an authorized user. The process of scanning and matching is complex, but as the technology has evolved, accuracy has improved and costs have come down. But fingerprint readers have downsides. The most obvious are injuries like burns and cuts — imagine being locked out of your phone or computer for a week because a potholder slipped. Stains, ink, sunscreen, moisture, dirt, oils, and even lotion can interfere with fingerprint readers, and some fingerprints just can’t be scanned easily.

Facial Recognition:

Another biometric scan technology is facial recognition. It is considered a natural means of biometric identification, since humans themselves tell individuals apart by appearance. If movement can be detected to prove life versus a captured image, this approach seems promising. However, bad lighting, glasses, smiles, goofy expressions, hats, and even haircuts can cause problems. Even the best facial recognition systems struggle with angled images, and people’s faces can change radically with age, weight, medical conditions, and injury.

Iris Scanning:

Iris recognition also has pitfalls. Users would likely have to hold a device close to their face, with decent lighting and little to no motion. Most eyewear would have to be removed, and some drugs and medications can deform an iris pattern by dilating or constricting pupils (try passing an iris scan following an eye exam). Iris scanners can be fooled by quality photographs, or even contact lenses printed with fake irises. As a result, right now the technology is mostly used in human-supervised situations — like immigration and passport control — rather than automated systems.

Tattoos & Pills:

Pills and tattoos could replace passwords as new and radical solutions to the authentication problem. You could easily tattoo, inject or ingest electronic IDs onto or into people. Of course there would be great push back against these invasive forms of branding. Maybe you could make these approaches cool, but the resistance would be great unless there were negative consequences for not conforming. Of course, this is an idea from DARPA. I would die first.

Net; Net:

Biometric approaches depend on things not changing and on nobody else being able to duplicate the biometric of choice. Once they are breached, there is little to do but change approaches or create a randomized, evidence-of-life approach. I'm not normally a betting man, but I think voice has the best shot with a little hashing & randomizing because phones are getting better at killing background noise.
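The "no static PIN" point from the Voice section and the "random and evidence of life" idea above can be made concrete with a one-time spoken prompt. The sketch below is an added example, not code from this blog or from any product. It assumes a separate voice engine (hypothetical, not shown) that supplies the recognized `transcript` and a `speaker_score`; the word list, timeout and threshold are constructed values.

```python
import secrets
import time

# Constructed word list; a real deployment would use a far larger vocabulary.
WORDS = ["amber", "river", "copper", "willow", "lantern", "marble", "falcon", "harbor",
         "meadow", "signal", "timber", "velvet", "orchid", "summit", "pepper", "canyon"]
CHALLENGE_TTL = 30.0    # seconds a prompt stays valid (assumed value)
MATCH_THRESHOLD = 0.80  # minimum speaker-match score (assumed value)


def normalize(text):
    """Lower-case and collapse whitespace so transcripts compare reliably."""
    return " ".join(text.lower().split())


class ChallengeStore:
    """Issues one-time random phrases and checks spoken responses against them."""

    def __init__(self, clock=time.monotonic):
        self._pending = {}   # challenge_id -> (user, phrase, expiry)
        self._clock = clock  # injectable so expiry can be tested

    def issue(self, user, n_words=4):
        rng = secrets.SystemRandom()  # OS-backed CSPRNG
        phrase = " ".join(rng.choice(WORDS) for _ in range(n_words))
        challenge_id = secrets.token_urlsafe(16)
        self._pending[challenge_id] = (user, phrase, self._clock() + CHALLENGE_TTL)
        return challenge_id, phrase

    def verify(self, challenge_id, user, transcript, speaker_score):
        # pop() makes every challenge single-use, even when verification fails
        entry = self._pending.pop(challenge_id, None)
        if entry is None:
            return "unknown-or-reused-challenge"
        owner, phrase, expiry = entry
        if owner != user:
            return "wrong-user"
        if self._clock() > expiry:
            return "expired"
        if normalize(transcript) != phrase:
            return "phrase-mismatch"  # e.g. a replayed recording of other words
        if speaker_score < MATCH_THRESHOLD:
            return "speaker-mismatch"
        return "ok"


if __name__ == "__main__":
    store = ChallengeStore()
    cid, phrase = store.issue("alice")
    print(store.verify(cid, "alice", phrase, 0.93))  # live speaker reads the prompt
    cid, _ = store.issue("alice")
    print(store.verify(cid, "alice", "my voice is my password", 0.99))  # old recording
```

A recording of a fixed passphrase fails here even with a perfect speaker score, because the words requested change on every attempt and each prompt is accepted only once.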

Some of the materials in this blog were sourced from Geoff Duncan.