Networked IT ID management in the real world
Passwords are the weak link in IT security (Computerworld)
Password security is the common cold of our technological age, a persistent problem that we can’t seem to solve. The technologies that promised to reduce our dependence on passwords — biometrics, smart cards, key fobs, tokens — have all thus far fallen short in terms of cost, reliability or other attributes. And yet, as ongoing news reports about password breaches show, password management is now more important than ever.
All of which makes password management a nightmare for IT shops. “IT faces competing interests,” says Forrester analyst Eve Maler. “They want to be compliant and secure, but they also want to be fast and expedient when it comes to synchronizing user accounts.”
Is there a way out of this scenario? The answer, surprisingly, may be yes.
It goes on from there to cover several different solutions, including biometrics.
Biometric system keeps excluded man from attending Boca Juniors-River Plate game
Argentina’s derby of derbies ends all-square (The Star – Malaysia)
Meanwhile, security measures appeared to have worked efficiently after a renowned figure among Boca’s ‘barra brava’ or hooligan fringe was picked up by biometric identification system and was refused entry to the venue.
Mauro Martin tried to get into the game but Interior Minister Florencio Randazzo said he had been caught in the net and was prevented from attending after his fingerprints were checked.
During the summer, Martin required hospital treatment for a gunshot wound suffered in a confrontation between rival Boca hardcore followers.
Here’s the scene yesterday at the ‘Bombonera’ in Buenos Aires. It’s obviously an incredible atmosphere.
Notice that the players seem to be deposited into the center of the field via a long protective tube.
Biometrics a key part of growing market for Electronic Security Systems
Growing Security Concerns and Demand from Developing Markets Drives the Electronic Security Systems Market, According to New Report by Global Industry Analysts, Inc. (Press Release via Yahoo & PRWeb)
Another noteworthy trend is the shift in preferences towards integrated electronic access control systems & advanced network systems. Given their ability to enable the integration of existing access control systems with other security services, IP based open-architecture systems will witness increased demand in the next few years, thereby adding to the revenue stream. Access control systems that offer remote access via web browsers or virtual private networks (VPNs) are turning out to be highly popular among businesses organizations, especially SMBs, thereby driving access control system installations. Biometric technologies such as voice and face identification solutions, iris scanners, hand geometry systems, and fingerprint scanners also offer bright prospects for the biometric access control market. Poised to gain are biometric physical access systems, which seamlessly combine with time & attendance, payroll and other human resource application systems.
The global market for Electronic Security Systems (ESS) is projected to reach US$62.5 billion by 2018.
The paragraph quoted above certainly matches what we’ve been seeing in the market lately.
No biometrics in iPhone 5
Critics take bite out of Apple over missing features (The China Post – Taiwan)
Other widely expected features that were missing included wireless charging and biometric unlocking, which uses facial recognition or fingerprints as found on many phones running the latest version of Google’s Android operating system. Two other popular features included on the latest Android and Windows Phone 8 devices but absent on the iPhone are enhanced widgets and notification tiles that let the user see information such as emails, weather, stock prices, tweets and Facebook updates right on the phone’s home screen.
Schools should consider biometrics to protect personal information
Schools put pupils’ information at risk (The Telegraph)
Schoolchildren’s addresses, routes to school and even fingerprints are at risk of exploitation because nearly half of schools have no policy for handling pupil data, researchers have found.
If schools are unable to keep data secure, biometric template information is the last thing that should concern parents.
As the article points out, schools also keep academic records, behavioral records, medical records, socio-economic assessments for administering school lunch programs, home address information, counseling notes and a ton of other information that is much more sensitive than a fingerprint template consisting of a string text characters that cannot be used to learn anything about a student.
Too often, news accounts use biometrics as the ultimate example of private information and the hook on which to hang all sorts of fears the reader is supposed to imagine — i.e. part of the problem — when they are actually part of the solution. Because biometrics are far superior to usernames and passwords for securing personal information, I’d suggest that all electronic access to student information should be controlled biometrically.
Biometrics provide for far more secure information because the biometric sensor hardware itself provides a layer of protection that a keyboard never can provide passwords. In the standard Username/Password regime, the hardware used, the keyboard, offers no additional security. With username/password authentication, a hacker needs only a keyboard to fill in the proper fields and she gains access to the network. If that username/password is a superuser or administrator credential, an organization may see some turnover in the CTO function.
Biometric authentication is very different animal because with biometrics, the hardware layer does provide extra security. If the hacker steals a biometric or unencrypted biometric template (a long character string), she can’t just type it in even if she finds the place in the programming that handles the template. It has to come from the fingerprint sensor. The template resulting from a verification attempt is like a single use password created during the interaction of a physical object (body part) with certain known sensor.
Keeping Biometric System Vulnerabilities in Perspective
Biometric security hacks threaten to ruin the KeyLemon party (Wired)
As biometric security systems from companies such as KeyLemon are increasingly introduced to devices, spoofing attacks are becoming more common and sophisticated. The Tabula Rasa project aims to prevent these security breaches.
Lots of good stuff in the article. Just remember, lock-picking is spoofing, too, and if you use unattended facial recognition for access control, be very suspicious of that strange person that wants to “interview” you using her camera phone.
A case for Iris as the Killer Modality
Jeff Carter has made his TEDxEast talk, “Your Eye Will Unlock The World,” available online (YouTube).
He’s also on Twitter at @EyeLock_1.
Unlock Your Computer With Your Face
Free trial (30 uses) available at CNET’s download.com
I haven’t tried it but it looks well thought out and has some cool features. I like the feature where it takes a picture of anyone snooping around machine.
KeyLemon logs you in to your computer by using your face. More than just a glorified Webcam tool, it regularly checks to make sure that it really is you using the computer. The latest version of the app also comes with a neat Firefox plug-in called LemonFox, for added protection when logging into Facebook, Twitter, and LinkedIn.
Unlock Your Phone With Voice Biometrics
Nuance’s Dragon ID lets you unlock your phone by voice (GigaOM)
While typical phone unlocking programs require tapping in a short code or tracing a pattern on screen, Nuance’s technology uses two layers of security: biometrics, which recognizes your unique “voice imprint,” and a password or pass phrase – which in this case is spoken not typed, said Kenneth Harper, Senior Product Manager, Nuance. Nuance has been selling the technology for years to businesses and governments for use in their own biometric security systems – with 20 million voice prints on file – but this is the first time it’s offering up its technology to consumer phones and tablets.
Pretty cool.