An Introduction to Biometrics for Identity Management

In this article, we provide an overview of Biometrics and how they can be used to manage identity. 

At the beginning of 2020, Cybersecurity pundits have already made their predictions about what the threat landscape will look like this year. While some have predicted gloom and doom scenarios, others believe that it will be the same as 2019, but only slightly worse.  

There is one common thread across all of these predictions: Despite passwords being the weakest link in the security chain, they will still be the de facto standard that will be used in terms of Identity Management and end-user authentication.

Because of this, user passwords will still be a highly sought-after item for hackers.  In a way, this is becoming a cat-and-mouse game. Businesses understand the need to create long and complex passwords, but to employees, they are too difficult to remember. As a result, they fall back to using passwords that can be easily hacked (such as using “password”, or “123456”.).

What can be done to alleviate this issue? One approach is to adopt a Password Manager, which can create and store long and complex passwords for the user. Password Managers can also leverage Biometric Technology.

[feature_box style=”10″ only_advanced=”There%20are%20no%20title%20options%20for%20the%20choosen%20style” alignment=”left”]

Before you continue reading, how about following us on LinkedIn?

[/feature_box]

What Biometrics Are All About

Biometrics have been around for quite a long time, going all the way back to the 1960s. But it is not until recently that they have started to make its splash in the realm of Identity Management.

Identities are confirmed by a combination of the following: a) something you know (username, password), b) something you have (token, badge, proximity card), and c) something you are (fingerprint, iris). Biometrics confirm the user identity based on something they are (e.g. via their unique physiological and behavioral traits). Biometrics include the following:

• Fingerprints (such as the ridges, whorls, and valleys that are found within it)
• Hand scans (this includes the shape of the hand, and the geometric distances between the features of it, and even the vascular structures)
• Eyes (this encompasses both the iris and the retina–the former is the colored region between the pupil and the sclera, and the latter refers to groups of blood vessels in the back)
• Facial recognition (this includes the examination of your lips, nose, chin, eyebrows, etc., and the corresponding distances between them)
• Voice signature (the different voice inflections in our everyday speech)
• Your signature (note that this is not the signature itself, but in the mannerisms in which we sign our name)
• Your keystrokes (these are the mannerisms in which we type on our computer or wireless device keyboard)

The first five are known as “Physical Biometrics”, and the last two are known as “Behavioral Biometrics”.

How Biometrics Can Confirm Your Identity

Biometrics can be configured in a variety of ways from very complex to very simple. A good example of this is the TouchID and FaceID that are used in the latest versions of the iPhone.  But no matter what the configuration is, there is a methodology that is used across all the Biometric Modalities in order to confirm the identity of an individual which is as follows:

1. Raw pictures and/or samples are collected and converted into various images.
2. These images are then combined into one master image.
3. From the master image, the unique images are then extracted and evaluated by the Biometric system.
4. Once the unique features have been extracted, they are then converted over into a unique mathematical file; this becomes known as the “Enrollment Template” and is permanently stored into the database of the Biometric system.
5. If the end-user wishes to gain either physical or logical access entry, he or she must go through the first three steps again. The end result is that the “Verification Template” is created.
6. The Enrollment and Verification Templates are then compared against one another to determine the statistical closeness between the two. If there is a close enough match between the two, the end-user is then granted access to the resource that he or she is seeking. If there is not enough closeness, then the individual must start this entire process all over again, from the very beginning.

It is important to note that the first three steps are known as the “Enrollment Phase”, and the last two are known as the “Verification Phase”.

Biometrics As A Replacement To The Password

Using Password Managers can be a good option to support compliance with your password security policies (length, complexity, uniqueness). Given the ease of hacking passwords, many organizations are looking for something more secure. That’s where biometrics come in. The technology is fast becoming the de facto replacement for the password.  

Although, in theory, any Biometric modality can be used for biometric authentication, Fingerprint and Iris Recognition are the two predominant methods that are being used across corporate America, from SMBs to Fortune 100 companies. Facial Recognition is also starting to gain some traction; however, there are issues with this approach, especially with respect to protecting users’ privacy.

Fingerprint Recognition devices can be installed directly onto a user’s workstation with the scanner connected via a USB cable. The optical fingerprint is used for both the Biometric Enrollment and Verification processes. Fingerprint Recognition is a “full contact” technology, where the end-user has to have physical contact with the device to validate their biometric.

Iris scanners work in a similar manner but are a “contactless” technology where the end-user points the camera at their eye at reasonably close proximity so that a good quality image of the iris can be captured. The scanner compares the image collected during Enrollment with the image collected for Verification, and if they match, authenticates the user. 

There are a number of key advantages as to why organizations should seriously consider adopting Biometric-based SSOs versus using the traditional password as the primary means of confirming the identity of an individual.

9 Advantages to a Biometrics-based SSO

1. Unlike passwords, your fingerprint or iris cannot be stolen, they are a permanent part of you.
2. Just about every human being on the planet has their own unique set of fingerprints or irises–therefore they cannot be replicated, unlike a password.
3. Because the Enrollment and Verification Templates are actual mathematical files, there is nothing that a cyberattacker can do with them in the event that they are hijacked, unlike with stolen passwords or credit card numbers.
4. It is quite difficult to reverse engineer these mathematical files in order to construct the original composite images of either the fingerprint or the iris.
5. An end-user can literally be logged into their workstation or wireless device in just a matter of a few seconds, versus the minutes it can take to use a password.  Although this time gap may not appear to be too significant, the time savings can add up in the long term, and thus result in greater employee productivity and satisfaction.
6. In most businesses, the typical administrative cost to reset a password is about $400 per year per employee. A Biometrics-based SSO totally eradicates this cost.
7. Because employees will no longer have to remember long and complex passwords, the so-called “Post It Syndrome” is eliminated. This is the situation where employees write down their passwords and stick them to their workstation monitors.
8. Since everybody has a unique fingerprint and iris structure, by using them as an SSO, the overall security posture of an organization is further enhanced because passwords are no longer needed and thus not being used.
9. Fraud is also becoming a huge and escalating reality, but by using Biometrics-based SSOs, this should help to bring these levels down drastically. After all, nobody can replicate your fingerprint or iris.

Has your organization utilized Biometrics-based SSO? What advice would you give to other organizations exploring this method of authentication?

[feature_box style=”33″ title=”Unlocking the Benefits of an IAM Roadmap
” alignment=”center”]

Are you using the right IAM solution to maximize your program’s value to your organization? How do you know which vendor is right for you? And how do you ultimately gain organizational buy-in? Join Idenhaus to learn how to evaluate the needs of your organization (people, process, technology) and the steps you can take to build a comprehensive, convincing IAM Roadmap to guide key stakeholders at your company from concept to reality.

In this webinar, you’ll learn:
– How to engage and empower your key stakeholders
– How to evaluate and prioritize the needs of your organization
– How to find the best fit of available solutions

Reserve your spot now

[/feature_box]

Follow @Idenhaus on Twitter and subscribe to our Identity Management biweekly or our healthcare IT biweekly newsletter.

Idenhaus is honored to be featured in the Top 10 Identity Governance and Administration Consulting/Service Companies of 2019.

By going to work quickly to solve the most challenging cybersecurity and identity management problems, Idenhaus takes the pain out of securing corporate information and assets for companies that aspire to maximize their potential in this digital age. Click here to contact us