More secure and more convenient

Research shows organisations turning to biometrics (Planet Biometrics)

“The research, based on survey results from 200 U.S. senior IT decision makers, outlines how there is a lack of confidence of passwords alone to secure data sufficiently while highlighting how organizations are moving towards biometrics to better safeguard their most critical assets.”

“Harnessing the Power of Biometrics: The overwhelming majority of respondents agree that biometrics is the most secure authentication method for both organizations (86%) and consumers (86%) to use. Respondents believe the main reasons for using biometric authentication include overall better security (63%), increased workforce productivity (54%) and better accessibility (50%).”

Usually, increasing security decreases convenience. Biometric solutions offer a rare chance for organizations to increase security and convenience at the same time and senior IT staff are starting to embrace the opportunity.

 

The persistence of passwords

Biometrics has growing, but not sole, role in authentification security (Information Management)

“Many IT professionals aren’t convinced biometrics can serve as a secure and reliable replacement for the standard username and password combo,” said Peter Tsai, senior technology analyst at Spiceworks. “Unless technology vendors can address the security issues and privacy concerns associated with biometrics, the technology will likely be used side-by-side in the workplace with traditional passwords or as a secondary authentication factor for the foreseeable future.”

It looks like this 2013 post and the paper that informed it are holding up quite well.

In the paper, A Research Agenda Acknowledging the Persistence of Passwords, Cormac Herley and Paul C. van Oorschot write:

“Passwords, though unloved, deserve some words of praise. They have brought us this far: they are the means by which two billion Internet users access email, banking, social networking and other services. They are essentially free from the service provider viewpoint, and are readily understood by users. They allow instantaneous account setup. Revocation is as simple as changing the password. Those who forget their passwords can be emailed either reset links or the passwords themselves (this practice, though insecure, is common for low-value sites). All of this is automated and instantaneous. They allow access to one’s accounts from anywhere in the world assuming nothing more than a simple browser. Sophisticated users can protect themselves from many of the threats. “

All this is still true. Biometrics, however, can also be used as a way to return the password to the simplicity of the PIN. For example: a fingerprint scan associated with a weak password such as a 4 digit PIN provides far stronger authentication than any password a human could be expected to type. In other words, biometrics can be combined with rudimentary passwords to bring an end to the “password arms race” where the main coping strategy has been longer, more complex and more frequently changing passwords — i.e. the real reasons people tire of the humble workhorse of the ID game. So instead of replacing the password, biometrics might one day be used as a way to salvage what makes it great while minimizing the frustrations associated with over-reliance upon it.

 

All posts

Survey says…

Fingerprint scanners most popular alternative to banking passwords (Computer Weekly)

The increasing use of mobile banking apps and the deluge of apps requiring passwords makes biometric security attractive.

The survey found that 52% of consumers would like banks to integrate fingerprint scanners into digital banking apps. This was the most popular followed by Iris scanners (33%), facial recognition (30%), electrocardiogram heartbeat monitors (29%) and voice verification (27%).

We’ve made the point before that reasonably strong passwords are even more inconvenient on mobile devices.

The findBIOMETRICS 2013 Year in Review is out

Biometrics Makes Headlines – The findBIOMETRICS 2013 Year in Review (findBIOMETRICS)

From Peter O’Neill’s introduction:

What a year for the Biometrics and Identification Industry! The past year in biometrics was explosive. Biometrics has become real. From the rapid growth of the FIDO Alliance to the Consumer Electronics Show that hailed in 2014, biometrics are being talked about everywhere! Industry verticals like Border Control, Financial, Healthcare, Law Enforcement, National ID, etc. are all moving aggressively ahead into 2014. Our industry made headlines in 2013 and will continue to do so in 2014, so …be prepared…be innovative …be ready to capitalize on a rapidly growing marketplace.

We received responses from Canada, Spain, Russia, China, Ireland, Mexico, Brazil, Hong Kong, Sweden, Germany, UK, France, Korea, The Netherlands, Taiwan, Lithuania, Singapore, Japan, Italy, Malaysia and the USA.

Here’s a link straight to the 33-page PDF report.

More research shows the public is receptive to biometric technologies

Biometric payment methods set to rise in popularity as consumers steer away from mobile devices (ITProPortal)

Recent research from WorldPay revealed that paying for goods and services through fingerprint, palm and iris scanners is the most popular future technology choice for security-conscious shoppers, far outweighing the popularity of emerging mobile technology options like smartphone and SMS payments, and online wallets.

See also:
Unisys Poll: 63% of credit card users would prefer fingerprint (October 14, 2010)
Unisys Security Index Survey Finds High Levels of Support for Biometric Solutions (May 10, 2012)
Australia: More on survey of attitudes toward banking biometrics (October 4, 2012)

July tweet chat: Steria and their recent survey of European opinions on biometrics

When:
July 25, 2013 11:00 am EDT, 8:00 am PDT, 16:00 pm BST, 17:00 pm (CEST), 23:00 pm (SGT), 0:00 (JST)

Where:
tweetchat.com/room/biometricchat (or Twitter hashtag #biometricchat)

Host:
John at M2SYS

Guest:
Steria Group (Twitter: @Steria) will be discussing the results of a recent European survey on biometric technology they conducted which revealed that although many support the use of biometrics for criminal identification and for use in passports and identity cards, less than half of those surveyed were amenable to using the technology to replace personal identification numbers (PINs) in banking.

Topics:

  • Results of recent European biometric public acceptance survey
  • Convenience vs. security
  • USA vs. European view of how biometrics impacts privacy and civil liberties
  • “Passive” biometrics
  • How vendors can advance public education of biometrics
  • Viability of new biometric modalities

UPDATE and bump:
John has posted the questions for tomorrow’s discussion:

  1. How do you explain the dichotomy between public acceptance of biometrics for identity cards or passports and the use of biometrics to replace personal identification numbers (PINs)?
  2. While we see “civil liberties” and “privacy” as one of the obstacles to wider use of biometrics in the US, is that the same thing you are seeing in your European survey?
  3. One of the dynamics that appears to be evident is that while people want to guard their biometric data, if they can get to the head of the line (e.g. Clear Me airport security program) they are willing to give up their biometrics.  Can you comment on how convenience and faster transactions might impact the more pervasive use of biometrics?
  4. Some country’s public sector organizations that have collected biometrics for a specific purpose are making them available for use by the private sector to prevent fraud, assure a person’s identity, etc.  Do you believe this is a trend we will see more of?
  5. How will “passive” biometrics like facial recognition, voice recognition and iris at a distance be accepted since it doesn’t require any specific actions by a person for it to be used?
  6. What strategies can biometric vendors deploy to help advance the public’s understanding of biometric identification that may help it to be more acceptable as a replacement for personal identification (PIN) numbers?
  7. What new or forthcoming biometric modalities (e.g. – heartbeat, thermal imaging, gait, DNA, etc.) do you predict has the best chance to become sustainable in the industry? Are there any specific modalities that you feel the public accepts more readily than others?

What is the BiometricChat:
Janet Fouts, at her blog, describes the format:

Twitter chats, sometimes known as a Twitter party or a tweet chat, happen when a group of people all tweet about the same topic using a specific tag (#) called a hashtag that allows it to be followed on Twitter. The chats are at a specific time and often repeat weekly or bi-weekly or are only at announced times.

There’s more really good information at the link for those who might be wondering what this whole tweet chat thing is all about.

This one, the #biometricchat, is a discussion about a different topic of interest in the biometrics landscape each month. It’s like an interview you can participate in.

More at the M2SYS blog.

Earlier topics have included:
Privacy
Mobile biometrics
Workforce management
Biometrics in the cloud
Law enforcement
Privacy again
Biometrics for global development
Large-scale deployments
The global biometrics industry
Biometrics markets

Modalities such as iris and voice have also come in for individual attention.

I always enjoy these. Many thanks to John at M2SYS for putting these together.

Citizens want strong driver licenses

MorphTrust commissioned Zogby to survey 1,000 U.S. adults.

Survey: Majority in favor of facial recognition (SecureID News)

Overall, when it comes to better driver licenses, 83% support making sure the documents are secure to protect against terror attacks, underage drinking and identity theft. In addition, 83% are in favor of biometric background checks for transportation and warehouse workers who handle hazardous materials.

European attitudes on biometrics

Steria surveyed 3,650 citizens from UK, France, Germany, Denmark, Norway and Sweden in June 2013 on their attitudes toward biometric ID management applications (Press Release via Businesswire India)

81% of European citizens are in favour of using biometrics to identify criminals.

69% support the use of biometrics in identity cards or passports.

69% support the use of biometrics to enter secure areas (access control).

45% are in favour of the use of biometrics to replace PIN numbers for bank cards.

More at the link

Europeans, especially the French, are open minded about biometrics

Majority of Europeans support biometrics for ID cards or passports (Biometrics Update)

Specifically, 81 percent of French citizens favour the application of biometrics for ID documents, compared to 74 percent of Danish respondents and 68 percent of the survey’s British respondents. Across Europe, 69 percent were also in favour of using biometrics as a form of access control for secure areas. In this case, the French respondents proved again to be the most supportive, with 77 percent, followed by the Danes at 75 percent and the Brits at 69 percent.

More survey results including private sector biometrics at the link. The French people surveyed seem to be way more positive on biometrics than their government.

UPDATE:
See also: French shoppers give new payment method the thumbs up.

Biometrics for convenience and security

Air travellers frustrated by security checks: IATA study (The Hindu)

The Survey, which included passengers from 114 countries who had travelled by air in the last 12 months, was released late Thursday in Geneva. The participating countries include India, China, US, Canada, UAE, Ukraine, Indonesia, Sri Lanka, Iran and Iraq.

Among the respondents of the survey, 77 per cent were comfortable to use biometric identification for more convenient airport transit and 71 per cent would prefer to use a self-boarding device at the gate, such as a mobile phone.

An even greater majority (86 per cent) were prepared to provide the airline their passport details in advance to allow a smoother journey. While only a quarter of the respondents have ever used an automated immigration border gate on arrival at an airport using their ePassport or ID card, as high as 91 per cent said they would be interested in such a service to allow a faster arrival process.

There is little to no privacy in international travel. Many people just want to be able to complete the ID processes relied upon by security professionals with a little less hassle.

Challenge!

Theft of fingerprints easier than cutting off a finger, security experts warn (News.com.au)

Associate Professor of math and geospatial sciences at RMIT University, Dr Asha Rao told News Ltd that a cyber criminal wouldn’t need your finger or retina in order to steal the stored data.

”When you watch political or forensic dramas, they show you the fingerprint but that’s not really what is stored as it would take too much time to cross reference,” Dr Rao said.

”To complete the biometric scans you don’t need my finger, you need the hash of the biodata.”

A hash is like an algorithm or template that can be used to decode your data. ”If you steal the template, then you’ve basically lost your fingerprint,” she said.

”It’s actually easier to break than cutting off people’s fingers.”

Oh, yeah?
Challenge!

Step one.Have the experts in question turn this into a fingerprint. Yes, it is a real fingerprint template; no hacking required.

2aba08229b3b2a44e72c8f14da168a560a3caf2257add068a7fc1636215bff53152546da3fc8071ea84433a42261f4ff7bc3b455199be8980eea2bb1e922f18aa309e050130d72ca124ecd6e9e86459e60858ff44f71d0c1c4e23b97a9a6554619543e8d347f79ea8fa70db87eaea7f37bf2cac4e697d5525479cc72fb653b5d32089e7b3cbcd01f8dba60eda95a50a31b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c1b2dc9ebaf0d5f602a64ff47f06cf97c 

Step two.Have the experts in question cut off someone’s finger.

Step three.Have them explain which task they’d rather repeat.

“You want a toe?”



[I’ll bet both tasks are much more difficult either from a technical or humane point of view than stealing and using a password. I assume that’s why they are hackers instead of, well, you know – “hackers.” And while, at least according to Walter Sobchak, “I can get you a toe,” fingers are a little harder to come by. After all, people are going to need them to get at their cash.]




Bonus:Explain why any of this should cause any of the reported 79 per cent of Australians who would be comfortable using fingerprint biometrics to verify identity to change their mind (background here & here).

Australia: More on survey of attitudes toward banking biometrics

Following yesterday’s post “Customers Embrace ‘Controversial’ Technology,” comes more detailed information about the survey behind the article.

Australia and New Zealand Banking Group : No cash, no worries your fingerprint will do, new survey reveals (Press Release at 4-traders)

No cash, no worries your fingerprint will do, new survey reveals

Seventy-nine per cent of Australians said they would be comfortable with fingerprint technology one day replacing their banking PIN and more than one third of Australians would prefer to live in a cashless world according to a new survey released today.1 The Newspoll survey commissioned by ANZ also found Baby Boomers are giving younger generations a run for their money, with nearly three quarters of those aged 50-64 more likely to use digital technology over a bank branch for day-to-day banking transactions.

Australians have adopted digital habits for most of their banking needs and will increasingly look to technology to make their financial lives easier in the future, with the survey finding:

• Not surprisingly 88 per cent of people aged 18 – 34 prefer to use digital technology over a bank branch for day-to-day transactions but their Mums and Dads weren’t far behind at 75 per cent;

• 38 per cent of Australians would prefer to live in a world where they didn’t need to carry cash;

• 40 per cent of people even accepted the idea of one day outsourcing their finances to a digital personal assistant – an intelligent computer program which makes financial decisions and moves money between accounts on your behalf;

• 49 per cent of 18 -34 year olds like the idea of a digital personal assistant but

with only 30 per cent of Baby Boomers indicating they would be likely to use the technology;

• 67 per cent of Australians would be comfortable using a machine that scans your eye to verify identification in place of a pin; and

• 73 per cent of people find it inconvenient when small businesses don’t accept cards and only cash, with 82 per cent of 18-34 year olds finding cash only policies the most frustrating. There’s more in the press release at the link. See also: ANZ rolls out new customer-facing tech (itnews)

Unisys Security Index Survey Finds High Levels of Support for Biometric Solutions

The dedicated home for the Unisys Security Index is a gold mine of information about how security issues are perceived by the public in Mexico, Colombia, Hong Kong, Brazil, Germany, New Zealand, US, Belgium, Spain, Australia, UK, Netherlands and globally.

In general Unisys has found that individuals have shifted their attention from national security issues to individual security issues and (except Brazil & Mexico) are more focused on information security than physical security.

The video below shows that people are extremely receptive to biometric ID management solutions for better security.

Mobile Security & the Bi-annual Unisys Security Index Survey (Help Net Security)

Unisys also surveyed U.S. respondents on their preferences for securing their mobile work devices when used outside of the workplace. Fifty-five percent of U.S. respondents said they prefer using complex passwords (combinations of uppercase and lower case letters, symbols and numbers) for mobile security.

Biometrics such as fingerprints, voice or facial images were the second most preferred method, with 37 percent of respondents showing preference for one or more of those methods for protecting mobile devices outside the workplace.

Nearly a third (32 percent) of respondents said they prefer simple passwords for securing their mobile devices outside the workplace.

“This is a worrisome finding for executives and enterprise IT managers,” Vinsik added. “Passwords alone simply do not provide a sufficient level of security to protect sensitive data against today’s sophisticated cyber criminals. Organizations need to leverage the use of facial and voice biometrics that most smart phones are capable of supporting today.”