Mature talk on authentication…

Security vs. usability—that’s the choice we make with passwords (Phys.org)

We all need some kind of authentication process if we are to access information systems at work or at home. We know why we need to do it: to make sure we have access to our data and unauthorised people don’t.

So why do we routinely ignore such advice[…]?

Not all passwords protect equally valuable access. It turns out that many people are choosing weak passwords on low-priority systems like retail and media sites, and stronger authentication measures on high-priority systems like finance and work-related systems.

This sheds light on why even rigorous security measures like biometrics are being applied to instances where people are willing to jump through more password-related hoops but find the password regime horribly inconvenient.

Windows Hello face recognition not fooled by Australian twins

Microsoft’s facial recognition software does something amazing when it encounters twins (Business Insider)

Each set of twins set up an account for one and then the other attempted to log-in — and the software held. According to The Australian, there was not one instance of Windows Hello allowing the wrong twin access to the computer.

The headline to the contrary notwithstanding, Microsoft’s facial recognition software pretty much does nothing when it encounters a legitimate user’s identical twin.

MasterCard announces two biometrics pilots

MasterCard puts faces and fingers under microscope (Mobile World Live)

MasterCard and First Tech Federal Credit Union, a US financial institution, will pilot the authentication of payments using facial and fingerprint recognition, in what they claim is a first for the country.

Separately, MasterCard is running another biometrics trial with International Card Services (ICS), the leading credit card provider in the Netherlands.

Biometric ID at issue in California Uber fight

Uber driver background checks ‘not good enough’ (BBC)

At a press conference, George Gascon, district attorney in San Francisco, said problems with the data that Uber relied on to check drivers meant it could miss some former criminals. For instance, he said, 30,000 registered sex offenders were not in the database Uber used.

An alternative screening system used by other cab firms called Livescan did catch people who were on the sex offenders list, said Mr Gascon.

Market forecast for fingerprint access control systems

Fingerprint access control systems: Market analysis by technology and market segment; forecasts to 2022 (Grand View Research)

The industry can be segmented based on application as commercial, consumer electronics, military & defense, government, healthcare, banking & finance, and others. Government and commercial are anticipated to be key application segments over the forecast period.

Commercial fingerprint access control systems market is expected to be dominant over the next seven years, and accounted for over 30% of the overall revenue in 2014. Government application segment is expected to grow at a CAGR of over 6.5% from 2015 to 2022.

You know better but I know him

If we go to biometric IDs, will hackers try to steal your face? (CreditCards.com)

How much damage could a data thief do with your biometrics? According to experts from three different biometric modalities, the threat of someone virtually slipping into your skin is based far more on Hollywood-fueled paranoia than how biometrics are actually secured and deployed in the real world.

An analysis of iris, vein and heartbeat biometrics follows from there.

The piece also serves as a useful counterpoint to this one at InfoWorld which has biometric authentication technology as “Doomed security technology No. 1,” where the author’s formulation,

“After all, using your face, fingerprint, DNA, or some other biometric marker seems like the perfect log-on credential — to someone who doesn’t specialize in log-on authentication.”

begs the retort: After all, using your face, fingerprint, DNA, or some other biometric marker seems like it is destined for history’s dustbin — to someone who doesn’t specialize in biometric authentication.

Microsoft and Synaptics working on fingerprint hardware

Synaptics TouchPads to work with Windows Hello (WinBeta)

The new TouchPads would be able to read your fingerprint to enable Windows 10’s new biometric login feature Windows Hello, which aims to eliminate the use of passwords by replacing them with either fingerprints, facial recognition, or iris scanning.

Morphing the touch pad mouse sensor hardware into a fingerprint reader would be pretty cool. Getting the ID transactions right, though, will be a pretty heavy lift, technically, depending on the use model.

More baseball stadium biometrics…

Yankees announce improved security and entrance measures for fans (Crain’s) — Yankee Stadium visitors soon will be able to avoid long security lines by registering their fingerprints with a biometric identity service used at 12 U.S. airports.

In another deployment the St. Louis Cardinals (baseball’s second-most successful franchise in history) have installed iris biometrics for player and staff access control in more secure locations.

Kudos to Morpho

MorphoTrak Leads With Face Comparison Training (Financial Content)

MorphoTrak, a U.S. subsidiary of Morpho (Safran), announced today that it will offer vendor-independent training* in face comparison, filling an acknowledged gap in the field of computer-aided face recognition and facial identification. Automated face recognition systems are common in both law enforcement and civil applications, yet facial matching software can only present the reviewer with potential matches. It is up to the human reviewer to decide whether two facial images belong to the same individual.

*“Vendor-independent training” means that the techniques the course will teach work for all face examiners, no matter what face recognition software they are using.

Kudos to Morpho. Facial recognition is a powerful tool for well-trained users. This challenge is well known among those who have worked to place facial recognition capabilities into the hands of law enforcement and security professionals.

Computers don’t look at the world the way we do. Whether that’s a good thing or not depends on what you’re trying to accomplish. For facial recognition in a law enforcement context, it’s a good thing to have a radically different point of view applied to a challenge.

First, faces are probably the most meaningful objects in human existence. It’s not too much of an exaggeration to say that for millennia human survival has depended upon our abilities at one type of facial recognition: recognizing people we know. Sorting through hundreds of thousands of pictures of people we don’t know in order to match the two that are of the same person, however, is not something we’re inherently good at.

Computers can do that in less than a second, then give the two pictures to a human, who is very good at making the single comparison — if that person understands their role in the machine-human partnership well.

Training is the key.

Microsoft, privacy and biometrics

Microsoft moves to quell Windows 10 privacy fears (Daily Nation)

According to the company’s privacy statement, some of the information collected includes “your typed and handwritten words”, emails, conversations users have with the digital assistant, Cortana, location data and selections, such as stocks a user follows in a finance app, or the team a user supports in a sports app. Articles detailing privacy concerns have appeared in The Guardian, Newsweek and the Financial Times.

In the statement supplied Monday, the company says Microsoft does not sell the information customers provide it, but makes it available to employees and third-party engineers to improve Microsoft services.

Users can choose the level of information they send to it and selectively remove the information that Cortana, the digital assistant, tracks, while no biometric data from Windows Hello is shared with third parties, the company said.

It looks like the attention Microsoft is getting for privacy concerns surrounding Windows 10 is mostly to do with default settings. It also appears that Microsoft treats biometric information differently by default, not sharing it even with trusted third-party developers.

Two of the issues, surrounding Wifi Sense and Windows Update Delivery Optimization (WUDO), are covered very well by The Hacker News, which provides simple instructions for how to address them by changing default settings.

Reading through both of the Hacker News pieces, a picture of Windows 10 emerges that shows Microsoft giving serious thought to how to make connectivity simpler with Wifi Sense while making the Windows ecosystem more resilient to the security threats already out there and those that easier connectivity implies with WUDO.

US: San Jose airport/Alaska Airlines test program for fingerprint boarding

Alaska Airlines: Fingerprints replace boarding passes (Desert Sun)

Those who signed up for the test went through an enrollment process that took about 20 minutes. After that, they were permitted to use their fingerprints to access the TSA screening area through the CLEAR lane. Fingerprint readers at the boarding gates were able to pull up a passenger’s boarding pass for the gate agent to review.

“The feedback was very positive,” said Tolzman. “On a survey scale of ‘dissatisfied’ to ‘delighted’ over 85 percent of the participants were delighted with the system.”

With the Colorado Rockies stadium access, that’s news of two innovative CLEAR deployments in two days.

Windows 10 is here

Microsoft’s big day is here and for biometrics that means Hello, biometric authentication for Windows 10 devices.

The promo is quite snappy.

But even though the promo piece concentrates on face recognition, Hello face logins are limited to the Intel RealSense 3D camera. With limited options for external face hardware, how about fingerprints? Does Hello support a wider range of fingerprint hardware? It appears that it does.

Foraging around the internet, I found this May, 2015 piece by Richard Hay at WinSuperSite.com that details his experience integrating an off-the-shelf budget fingerprint reader with a beta version of Windows 10 Hello. It seems pretty straightforward. That means that the fingerprint login is probably going to be easier for most people who want to take advantage of Hello, at least on desktops. Carrying a USB-connected piece of hardware won’t work as well for mobiles running Windows 10, but it makes sense to expect Windows phones with onboard fingerprint readers soon, especially given Microsoft’s investment in Hello.

My personal preference on fingerprint hardware is for sensors that capture the whole image of the fingerprint instantly over the swipe readers, but they are more expensive.

All the early Hello press revolves around access to the device, and it’s true that Windows and fingerprint hardware manufacturers have supported a lot of this functionality for years, now. It remains to be seen how deeply into the operating system the biometrics go. Still, one fewer password is welcome.

India: Biometric verification required for student ID and attendance

Biometric attendance must for jr colleges (Pune Mirror)

“We have made biometric attendance mandatory for all junior colleges. This will also let us compare statistics of students opting for specific colleges and give us data about students admitted to that college under the centralised admission process. While this system will leave no room for bogus admission at any city college, it would also make students serious about attending their lectures. Their casual attitude regarding college will change,” said Ramchandra Jadhav, DyDE.

A large portion of what educational institutions must do revolves around identity management.

Banking biometrics taking off in West Africa

A couple of stories out today from West Africa’s largest country, Nigeria, and perhaps its most respected, Ghana, tell of adoption of large-scale biometric deployments in finance.

Nigeria Inter Bank Settlement System (NIBSS) has disclosed that over 18 million customers have so far enrolled for the Biometric Verification Number (BVN) exercise (The Sun)

Eight foreign remittance firms join Ghana’s e-Zwich (Modern Ghana)

Biometric sign-on

Biometric SSO – A secret weapon to protect your data (Engadget)

The advantages of using biometric SSO solutions for securing enterprise information are huge. Firstly, utilizing biometric SSO authentication provides stronger authentication and security instead of relying on traditional passwords. It is nearly impossible to steal or duplicate biometric characteristics for authentication purposes. Besides, biometric characteristics are unique for every person in the world; even identical twins have different biometrics. Hence, biometric SSO achieves the highest level of identification accuracy. Secondly, implementing a biometric SSO technology is considered as a cost effective solution to reduce financial losses from being compromised by weak password management policies. Thirdly, the variety of biometric SSO modalities available such as fingerprint, iris, vein, and palm brings a huge flexibility to organizations to achieve better return on investment.

Often overlooked, biometric hardware itself provides an enormous security benefit. From this 2012 post on biometrics in schools:

Biometrics provide for far more secure information because the biometric sensor hardware itself provides a layer of protection that a keyboard never can provide passwords. In the standard Username/Password regime, the hardware used, the keyboard, offers no additional security. With username/password authentication, a hacker needs only a keyboard to fill in the proper fields and she gains access to the network. If that username/password is a superuser or administrator credential, an organization may see some turnover in the CTO function.

Biometric authentication is a very different animal because with biometrics, the hardware layer does provide extra security. If the hacker steals a biometric or unencrypted biometric template (a long character string), she can’t just type it in even if she finds the place in the programming that handles the template. It has to come from the fingerprint sensor. The template resulting from a verification attempt is like a single-use password created during the interaction of a physical object (body part) with a certain known sensor.

Security integrators and IT professionals in the IoT era

Role Of Security Integrators In The Internet Of Things Era (Source Security)

Networking IoT devices may seem like an information technology (IT) function, typically handled by a chief information officer (CIO). However, says Martens, CIOs will be preoccupied with complex issues far beyond physical security. Therefore, identifying where IoT sensors are placed, how they are managed and how they interact will fall to facility managers. And they will depend on their security integrators’ expertise more than ever.

Technology is pushing the security and IT functions closer together, most obviously because they are increasingly provided over the same infrastructures. There’s a lot of good insight at the link.

Market analysis from IndustryARC

Next Generation Biometrics Market is estimated to be $5.9 billion in 2014 and is growing at a healthy CAGR of 22% (IndustryARC)

The market is characterized by established brands with high revenue, high R&D capital reserves and well instituted distribution channels. But, the market place is also being disrupted by firms with innovative solutions that have emerged to solve specific problems. With cost effective solutions offering greater security, companies will be able to position themselves uniquely.