How breakthroughs in privacy-enhancing technologies enable the future of biometric authentication – IFSEC Global

Posted on by

London Tech Week

The first virtual London Tech Week took place in early September, providing attendees with unmissable content from a range of experts discussing the latest innovations in tech and its impact on businesses. Security featured in several discussions, including in one seminar where Fabian Eberle explored how breakthroughs in privacy-enhancing technologies were enabling the future of biometric authentication. Olaf Jensen reports.

Passwords have been around for around 60 years, but they no longer provide the protection from cyberthreats they once did, and new alternatives have emerged that may yet supplant them.

Indeed, Fabian Eberle, COO and Founder of cybersecurity firm Keyless speaking at London Tech Weeks digital conference earlier this month, sees it as an ambition to eliminate the humble password. He can do this, he says, through a combination of machine learning and multimodal biometric authentication that he believes will revolutionise how people are identified and authenticated.

The need to replace passwords is particularly pressing because they are notoriously insecure. It may come as no surprise that an astonishing 2.3 billion credentials were stolen by hackers and cybercriminals in 2017 alone.

Why? Because nobody follows best practice when it comes to password security. Even IT leaders are not immune: around 55% of them reuse the same password across multiple services in fact, 51% of all passwords are reused. All this means that around half of all helpdesk calls are for password resets, and passwords cause approximately 80% of all data breaches.

There are typically three factors of authentication used today: inherence, such as physical characteristics used in biometric security like our face or fingerprints; possession, as in something we carry that generates a pin code; and knowledge, which covers anything we have to remember like a PIN or a password.

Each has benefits and drawbacks. For instance, while passwords are quite secure in theory, remembering them can be difficult and once they are compromised, they offer no additional security, and a centralised database of passwords attracts the attention of hackers. Biometrics, meanwhile, are unique to us, meaning theres nothing for us to forget, but it is sensitive data and storing it is a burden for businesses they also cannot be changed.

The main challenge is to balance the trade-off between security and privacy on one hand, and convenience and user experience on the other. Which of these matters most is extremely dependent on context: users consistently rank security above convenience when it comes to, for instance, a banking app, while prioritising convenience for social media.

COVID-19 has arguably highlighted the need for what Eberle calls a password-less paradigm. Greater digitalisation and an increasingly mobile or homeworking workforce has made the password more cumbersome. Indeed, data suggests that the average worker spends around 24 hours entering passwords each year.

Biometric security is set to play a big role. A demand for a better customer experience, the growing threat of cyberfraud there has been a 600% rise in phishing attacks during the coronavirus pandemic and more stringent data protection regulations such as GDPR have driven the adoption of biometric authentication. Its convenient, already familiar from our smartphones, and requires the use of something we always carry around with us, such as our face and fingerprints. But its not fool proof, and still needs an extra layer of protection.

The solution, explains Eberle, is to combine multiple authentication factors, such as a one-time, generated pin code and a fingerprint scan. This is known as two-factor authentication and is increasingly recommended to individuals as well as businesses as the best line of defence against cybercriminals. To Eberle, multi-factor security should be baked into a system by design.

Eberles Keyless software is just one of a new generation of security providers that combine multiple security measures. In this case, that means machine learning, cryptography and biometrics. It lacks a centralised database, making it less of a target for hackers, and features anti-spoofing software that means photographs wont fool the biometric sensor. In the future, the system may even measure behavioural characteristics such as keystrokes or the precise way the user holds their phone.

A greater consumer awareness of privacy and security means firms will increasingly seek to give users personal control over their data. Services like Keyless are the start of that process, because they do not centralise control of their users data in one place. But the humble password, stored centrally or dependent on the users memory, may have no place in that future.

Find out more about the topics under discussion at London Tech Week.

Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Global's essential weekly newsletter. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.

Sign up now!

How breakthroughs in privacy-enhancing technologies enable the future of biometric authenticationOlaf Jensen reports from London Tech Week, this time a digital event for the first time, where privacy-enhancing technologies to improve biometric security was on the discussion table.

Olaf Jensen

Biometric security systems: a guide to devices, fingerprint scanners and facial recognition access control

Use of automated facial recognition by South Wales Police deemed unlawful, court rules

Inner Range announces updates to Inception

Continued here:
How breakthroughs in privacy-enhancing technologies enable the future of biometric authentication - IFSEC Global

Related Posts
This entry was posted in $1$s. Bookmark the permalink.