Can Biometric Authentication Solve Our IAM Problems?

Biometrics Authentication in IAM Systems

Most office workers will tell you that proper management of a company's digital assets is one of the major problems system administrators face. In theory, a reliable Identity and Access Management (IAM) system is the first and most important step towards overcoming this challenge. Most office workers will also tell you, however, that they have yet to see a truly well-designed and properly configured IAM system.

While the world is moving forward, IAM systems are sitting still

Here's a recent incident that illustrates the problem rather clearly. In late 2018, a member of Microsoft's support team somehow managed to lose their workplace login credentials. The username and password fell into the hands of crooks who spent at least three months reading through email messages and other information that belongs to an undisclosed number of Outlook users. Although Microsoft doesn't appear to be too keen on sharing many details, the information we've got is enough to conclude that the Redmond-based software giant made a few mistakes.

For example, we may not know the exact position of the support person that got their credentials exposed, but we know that they had access to things like email messages, attachments, subject lines, and sender and recipient addresses. Even if you think that a support person should have access to this type of data, the breach disclosure pointed out that the attack came from outside Microsoft's network which, in itself, suggests that two important things were missing: two-factor authentication and geolocation restrictions. In other words, all that stood between the attackers and people's personal information was a set of login credentials.

Can biometrics help companies protect their data?

We've talked about how the password is slowly but surely becoming the authentication method of yesteryear. Although it was reliable enough some time ago, in the modern threat landscape, it is starting to show its flaws. And yet, even multi-billion-dollar giants like Microsoft still rely on it for some pretty important tasks.

For the time being, the only real alternative comes in the form of biometric authentication. But how likely are companies to start implementing biometrics into their backend infrastructure? And how many problems will this solve?

Nobody can really answer the first question definitively, but it's fair to say that unless we come up with another revolutionary way of giving the right people access to the right information, biometrics will probably be a part of our office routine at one point in the future. There are, of course, obstacles like the investment in hardware components, but as the technology evolves, the prices are going down, and sooner or later, the benefits will outweigh the initial outlay. There are certainly quite a few benefits.

No more weak passwords

In an IAM system, employees have one password with which they access all the information they need to do their job. This certainly makes day-to-day activities much easier, but it also creates a problem.

Because we have a one-password-to-rule-them-all scenario, you must make sure that employees use a strong password. Experience has taught us that left to their own devices, users just won't do it. Even if you put specific requirements, like, for example, mandatory use of digits and special characters, people will still come up with something like "Password123!". When they’re trying to protect their own social media accounts, this is hardly ideal, but when corporate data is on the line, the stakes are much higher, especially for the people who are in charge of keeping it safe.

The implementation of a biometric authentication system eliminates this problem. People can't have easy-to-guess fingerprints or retinas, and the biometric data will never be susceptible to brute-force or dictionary attacks.

No more reused passwords

Some of you will try to nudge employees towards better passwords by not only enforcing requirements for the use of numbers and symbols but also by disallowing known passwords or keyboard patterns. Even this can't guarantee that they will treat their passwords right.

Most likely, some of them already have a reasonably strong password which they use for their personal accounts. They will probably think that creating and remembering another strong password is just not worth the effort, so they'll just use their personal one. Then, one of the online services they use will get breached, and their password will end up on a credential stuffing list. If, like Microsoft, you have configured your systems to be accessible from anywhere in the world, this could soon turn into a rather big problem.

Biometrics eliminates the threat in two ways. First, biometric authentication requires the physical presence of a person which severely limits the ability of hackers who like accessing information remotely. In addition to this, we have yet to see lists of biometric details that have been stolen from one online service and can be used against another.

No more forgotten passwords

You can try to go around people's reluctance to take security seriously by taking the password creation process into your own hands. Every employee gets a long, complex, and unique password without which they can't do their job. While some may argue that this means "forcing" security down people's throats, others will say that there's nothing wrong with it as long as the valuable data is protected.

Unfortunately, there is a problem because in most cases, people will try to memorize the long, complex password you've given them, and inevitably, some will fail to do so. Those who can't be bothered with remembering it will write it down on a piece of paper or stick it to their monitors which isn't exactly commendable behavior, either.

When people forget their passwords and/or lose the yellow pieces of paper they've written them on, they need to have them reset. And this is a waste of time both for the employees and for the sysadmins. For obvious reasons, this won't be a problem in a biometrics-based IAM system.

No more unhappy employees

Why are more and more smartphones and tablets equipped with biometric authentication? Well, as we have established so far, login mechanisms of this sort have certain advantages over the traditional username-and-password scheme. The main reason why vendors are letting us unlock our devices with our fingerprints, faces, and, more recently, retinas, however, is because it's so much more convenient.

Remembering a single strong, long, and unique password requires a not insignificant mental effort, and typing it takes valuable time. By contrast, anyone with a fingerprint reader or face recognition on their mobile phone will tell you that biometric authentication is much easier and all but instantaneous.

Putting as fewer obstacles in front of employees as possible can improve their morale and productivity. That's what the boss wants, and that's what biometric authentication promises. So, what are we waiting for, then?

Things we need to consider before we get too excited about biometrics

Implementing biometric authentication can certainly solve many problems companies are currently experiencing with their IAM systems, but unfortunately, doing it is not as straightforward as installing a few fingerprint readers.

As we mentioned at the beginning of the article, setting up a biometric system costs money which is bound to upset the accountants, but even if they cave in, sysadmins should still keep one or two things in the back of their minds.

For example, they shouldn't forget that although it has come a long way, the technology is still not perfect. If it was, we wouldn't have had a password as a backup authentication mechanism on our face-recognizing and fingerprint-reading smartphones.

As soon as we make it reliable enough, we will start implementing it, that much is certain. The more popular it becomes, however, the more likely it is to fall in the cybercriminals' sights. So far, we have yet to see any large-scale, successful attacks on biometric authentication systems in the wild. Let's just say, however, that over the years, we have introduced many new pieces of technology that are supposed to make our online lives more secure and convenient. The crooks have attacked all of them, and with most, they successfully found a way around them. Whether biometrics will be among the few exceptions is for time to tell.

By Duran
April 19, 2019
Password Security
English
April 19, 2019
Password Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Tips

Apple iOS vs Android: What Are the Differences in Biometric Authentication?

If anyone tries to persuade you that biometric authentication has killed the traditional password, don't believe them. Although we use fingerprint readers and facial recognition multiple times a day, we still have... Read more

November 7, 2018
How To

The Password Problem and How People Can Solve It

Every year, security specialists analyze mountains of leaked data and put together a list of the worst passwords people use. For years, '123456' has been at the top of the list, followed by other ugly entries like... Read more

March 20, 2018
Password Security

What is Two-Factor Authentication?

As you probably know very well the modern world is well into the digital age, and with that, we see an increase in cyber-crime and online fraud. I doubt you don't know at least one person, who hasn't had his or her... Read more

April 16, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.