The persistence of passwords

Biometrics has growing, but not sole, role in authentification security (Information Management)

“Many IT professionals aren’t convinced biometrics can serve as a secure and reliable replacement for the standard username and password combo,” said Peter Tsai, senior technology analyst at Spiceworks. “Unless technology vendors can address the security issues and privacy concerns associated with biometrics, the technology will likely be used side-by-side in the workplace with traditional passwords or as a secondary authentication factor for the foreseeable future.”

It looks like this 2013 post and the paper that informed it are holding up quite well.

In the paper, A Research Agenda Acknowledging the Persistence of Passwords, Cormac Herley and Paul C. van Oorschot write:

“Passwords, though unloved, deserve some words of praise. They have brought us this far: they are the means by which two billion Internet users access email, banking, social networking and other services. They are essentially free from the service provider viewpoint, and are readily understood by users. They allow instantaneous account setup. Revocation is as simple as changing the password. Those who forget their passwords can be emailed either reset links or the passwords themselves (this practice, though insecure, is common for low-value sites). All of this is automated and instantaneous. They allow access to one’s accounts from anywhere in the world assuming nothing more than a simple browser. Sophisticated users can protect themselves from many of the threats. “

All this is still true. Biometrics, however, can also be used as a way to return the password to the simplicity of the PIN. For example: a fingerprint scan associated with a weak password such as a 4 digit PIN provides far stronger authentication than any password a human could be expected to type. In other words, biometrics can be combined with rudimentary passwords to bring an end to the “password arms race” where the main coping strategy has been longer, more complex and more frequently changing passwords — i.e. the real reasons people tire of the humble workhorse of the ID game. So instead of replacing the password, biometrics might one day be used as a way to salvage what makes it great while minimizing the frustrations associated with over-reliance upon it.

 

All posts

Market analysis from IndustryARC

Next Generation Biometrics Market is estimated to be $5.9 billion in 2014 and is growing at a healthy CAGR of 22% (IndustryARC)

The market is characterized by established brands with high revenue; high R&D capital reserves and well instituted distribution channels. But, the market place is also being disrupted by firms with innovative solution that have emerged to solve specific problems. With cost effective solutions offering greater security, companies will be able to position themselves uniquely.

Biometrics industry overview

Breaking Down Biometric Security (TechZone360)

Biometric security isn’t a new phenomenon, but until recently its real life applications and benefits have been underutilized by companies in most industries. However, recent buzz worthy announcements like Apple using Touch ID for enhanced security as part of Apple Pay and Miami International Airport integrating biometric fingerprint data into their passport control kiosks, are proving that biometric security is finally poised to become the norm.

Read the whole thing. The piece does a really good job of tying together various issues in the overall biometrics landscape.

Changing of the Guard at Secure Identity & Biometrics Association

SIBA Names Troy Potter of L-3 National Security Solutions as Chairman; SIBA Selects Commercial Identity Expert to Lead Growing Member Association (SIBA)

SIBA is a non-profit association that was established in February 2014 to steadfastly promote responsible policy, education and implementation of solutions that protect and secure identity across private and public platforms.

Potter was chosen because of his vast experience in both the government and industry. He served as the Identity Services Branch (ISB) Deputy Assistant Director at the U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) program and was US-VISIT’s Biometrics

Systems Program Manager for a number of years, responsible for the management and oversight of one of the largest biometrics systems in the world. Today Potter is the vice president of L-3 NSS’ Global Solutions Sector and leads all L-3 NSS Border Security and Biometrics programs.

US: IBIA wants NIST to do more for biometrics

NIST Urged to Expanded Role of Biometric Authentication (Find Biometrics)

…IBIA Vice Chairman Walter Hamilton pointed to recent years’ “surge in the use of biometric technologies for mobile banking and other e-authentication applications,” adding that “NIST should support this trend by providing guidance on how to ensure the effective implementation of biometrics as an authentication token rather than narrowly limiting its use.”

New biometrics advisors to focus on use cases

Market Research Firm Announces Biometrics Advisory Service (Find Biometrics)

Tractica’s approach is to focus on use cases, which Lockhart says “define the biometrics market opportunity.” The company has classified 142 use cases, and offers a profile specific to each with respect to “business function, industry, and modality.” And the advisory service consider a wide range of biometric modalities, from the widespread (fingerprint scanning, facial recognition) to the more obscure (electrocardiogram and DNA recognition).

Technology isn’t an application, so the focus on use cases is appropriate.

Forecast: Key biometrics industries and applications – 2024

Biometrics Market Forecasts (Tractica)

Tractica’s forecasts indicate that key industries in the biometrics market over the next decade are likely to be finance, consumer devices, healthcare, and government, followed by enterprise applications, defense, education, law enforcement, and non-government organizations. Key use cases that are likely to drive biometrics revenue over the next decade include consumer device authentication, mobile banking, automated teller machines (cashpoints), government IT systems, point-of-sale transactions, pharmacy dispensing, and wearable device authentication.

CyberSec: So hot right now

Why Venture Capitalists Love Security Firms Right Now (MIT Technology Review)

Venture capitalists poured a record $2.3 billion into cybersecurity companies in 2014, a year marked by frequent reports of hacks on high-profile companies. Yearly investment in cybersecurity startups been on the rise for several years now, and is up 156 percent since 2011, according to CB Insights. The trend will likely continue, as 75 percent of CIOs surveyed by Piper Jaffray said they would increase spending on security in 2015.

Predicting the future of security

IDC Reveals Worldwide Security Predictions for 2015 (TMCnet)

Some excerpts:

2. Biometric Identification – Mobile devices have biometric capabilities and in 2015 we expect that 15% of those devices will be accessed biometrically, and that number will grow to 50% by 2020.

5. Security SaaS – Enterprises will be utilizing security software as a service (SaaS) in a greater share of their securiy spending. By the end of 2015, 15% of all security will be delivered via SaaS or be hosted and by 2018 over 33% will be.

6. User Management – By 2016, multi-factor authentication will be the primary method of access control used by 20% of enterprises for highly privileged or otherwise sensitive accounts.

There’s a lot more good information at the link.

Forecast: Germany law enforcement biometrics CAGR 17.6% through 2018

Law Enforcement Biometrics Market in Germany 2014-2018 (Companies and Markets)

A major driver of the market is the high demand for security. The Government sector, especially the law enforcement bodies, is in need of more secure and protected security measures. The increase in investments by the government in biometric solutions is a major boost for the Biometrics market in Germany.

Further, one of the major challenges that hinder the growth of the market is the accuracy of biometric systems. The accuracy of the biometric system may not be high enough in certain applications such as negative identification or if the fingerprints are faded, which is a special physical characteristic.

Analysts forecast the Law Enforcement Biometrics market in Germany to grow at a CAGR of 17.6 percent over the period 2013-2018.

The future of large scale deployments

The rise of biometric banking (The Conversation)

Although not yet commonplace, biometrics are expected to become so over the next three to five years. Currently, the biggest users are governments which have already implemented biometrics into citizen identity documents (such as passports and national ID cards) and it is estimated that by 2015 biometric citizen IDs will outnumber non-biometrics by 4:1. In 2006, the UK joined 40 other countries in introducing e-passports that use facial recognition technology to authenticate citizens.

Read the whole thing.

The findBIOMETRICS 2013 Year in Review is out

Biometrics Makes Headlines – The findBIOMETRICS 2013 Year in Review (findBIOMETRICS)

From Peter O’Neill’s introduction:

What a year for the Biometrics and Identification Industry! The past year in biometrics was explosive. Biometrics has become real. From the rapid growth of the FIDO Alliance to the Consumer Electronics Show that hailed in 2014, biometrics are being talked about everywhere! Industry verticals like Border Control, Financial, Healthcare, Law Enforcement, National ID, etc. are all moving aggressively ahead into 2014. Our industry made headlines in 2013 and will continue to do so in 2014, so …be prepared…be innovative …be ready to capitalize on a rapidly growing marketplace.

We received responses from Canada, Spain, Russia, China, Ireland, Mexico, Brazil, Hong Kong, Sweden, Germany, UK, France, Korea, The Netherlands, Taiwan, Lithuania, Singapore, Japan, Italy, Malaysia and the USA.

Here’s a link straight to the 33-page PDF report.

Recent M&A a sign of biometrics’ importance to electronics industry

Recent Synaptics (SYNA) Biometrics Acquisition Boosts Sector (Investor Ideas)

Alan Goode, Managing Director of GoodeIntelligence.com said of the acquisition – “The acquisition of Validity Sensors, by Synaptics., is another sign of how important biometrics is becoming to consumer technologies. I believe this is a good match between Synaptics, who has a strong track record of developing touch-based consumer solutions, and one of the remaining independent mobile biometric sensor manufacturers. This is about giving consumer electronics products better, more convenient, security and opens up fingerprint-based biometrics to other consumer devices. We expect that additional biometric modalities, including voice, facial, eye and behavioral will be quickly integrated into other electronic devices and cloud-based services.”

Intel to Invest $100 Million in Voice, Gesture Technologies (Wall Street Journal)

Intel […] Capital, the global investment arm of chipmaker Intel Corp., is setting up a $100 million fund to invest in “perceptual” computing technologies like voice and gesture control, company executives said. The fund will invest over the next two to three years in firms making software and applications with functions like imaging, gesture and voice control, emotion sensing and biometrics, the company said.