access control, hardware, logical, passwords, schools

Schools should consider biometrics to protect personal information

Schools put pupils’ information at risk (The Telegraph)

Schoolchildren’s addresses, routes to school and even fingerprints are at risk of exploitation because nearly half of schools have no policy for handling pupil data, researchers have found.

If schools are unable to keep data secure, biometric template information is the last thing that should concern parents.

As the article points out, schools also keep academic records, behavioral records, medical records, socio-economic assessments for administering school lunch programs, home address information, counseling notes and a ton of other information that is much more sensitive than a fingerprint template consisting of a string text characters that cannot be used to learn anything about a student.

Too often, news accounts use biometrics as the ultimate example of private information and the hook on which to hang all sorts of fears the reader is supposed to imagine — i.e. part of the problem — when they are actually part of the solution. Because biometrics are far superior to usernames and passwords for securing personal information, I’d suggest that all electronic access to student information should be controlled biometrically.

Biometrics provide for far more secure information because the biometric sensor hardware itself provides a layer of protection that a keyboard never can provide passwords. In the standard Username/Password regime, the hardware used, the keyboard, offers no additional security. With username/password authentication, a hacker needs only a keyboard to fill in the proper fields and she gains access to the network. If that username/password is a superuser or administrator credential, an organization may see some turnover in the CTO function.

Biometric authentication is very different animal because with biometrics, the hardware layer does provide extra security. If the hacker steals a biometric or unencrypted biometric template (a long character string), she can’t just type it in even if she finds the place in the programming that handles the template. It has to come from the fingerprint sensor. The template resulting from a verification attempt is like a single use password created during the interaction of a physical object (body part) with certain known sensor.

Previous ArticleNext Article