December 07, 2022
Biometric technology is slowly taking over many aspects of people’s daily lives. Fingerprint recognition was one of the first biometric verification methods widely adopted in the workplace, for national identification, and in law enforcement. More recently, consumers have seen facial, voice, and iris recognition integrated into mobile device access, e-commerce platforms, airport security, banking, and virtual assistant applications.
Convenience and stronger security are the primary advantages of biometric authentication over passwords and PINs. Because the credential is a feature of the person, a user can access a physical facility or an online service without having to recall long, complicated character strings. More importantly, because those features are unique to each person, biometrics are exceedingly difficult to spoof.
However, not all passwordless authentication systems are created equal. Some are built stronger, while others still expose users to vulnerabilities. The weaker ones may be effective at safeguarding an organization from common cyber risks, but they may not be enough to protect users from attackers equipped to defeat weak biometric authentication.
For example, some fingerprint-based authentication systems in mobile devices have sensors that are limited in size. Because of this constraint, a sensor can only scan a relatively small fragment of a fingerprint at a time. The system works around this limitation by capturing several partial fingerprint patterns at different angles during enrollment, so that at least one of them matches the impression received during authentication.
In a paper studying partial fingerprint-based authentication systems, the researchers revealed that a “MasterPrint”, created from real fingerprint samples, can trigger a successful authentication 26-65% of the time. The findings also showed that the more partial fingerprints are enrolled for each user, the more vulnerable the system becomes. For small sensors to work securely, they must have significantly higher resolution so that they capture more fingerprint features.
Data breaches are another risk to biometric authentication. In 2019, vpnMentor discovered a data leak in a centralized biometrics application that exposed around 28 million biometric records. Security researchers found that the database holding this highly sensitive data was unencrypted. The danger of stolen biometric information is that a user’s features are immutable: unlike a password, they cannot be changed after a breach, so the user is exposed to spoofing risks permanently.
Another emerging threat to biometric authentication is the deepfake, or synthetic media. It is an application of the artificial intelligence (AI) method called deep learning that creates a fake image, video, or audio recording of an individual. Deepfakes are widely used today to impersonate and discredit public figures, but they pose a greater danger when used for financial fraud. In January 2020, a bank fraud was perpetrated using deepfake voice technology that led to the transfer of $35 million into the wrong hands.
As criminals become more resourceful in executing these schemes, organizations face the challenge of adopting stronger security and authentication methods. Fortunately, companies can employ solutions that not only safeguard against general risks but also leave minimal to no vulnerabilities for criminals to exploit.
FIDO2 Passwordless Authentication
FIDO (Fast IDentity Online) was created by the FIDO Alliance, an open association of the world’s leading tech companies dedicated to moving online authentication away from passwords. FIDO2 is a set of protocols that provides mechanisms for more secure and easier identity verification, such as the use of biometrics and second-factor authentication.
The development of FIDO2 addresses the problems with passwords and the safety concerns relating to user data. It provides an additional set of functionality that effectively eliminates the need for passwords and one-time passwords (OTP) while ensuring strong security and a better user experience on digital platforms.
The standard’s approach is to use a personal device (e.g., a smartphone or a token) that holds a set of cryptographic keys to securely access FIDO2-enabled services. What makes it safer is that the authentication data, such as the user’s biometrics, never leaves the device and is never stored by the service; the service holds only a public key. This setup gives users better privacy and protects their login credentials from hackers. It also protects organizations against the common threats of phishing, session hijacking, man-in-the-middle, and malware attacks.
FIDO2 includes the Web Authentication (WebAuthn) API, which allows web applications to use a single authenticator (e.g., one unlocked by a fingerprint or facial scan) on any site that supports the standard. In addition, its Client to Authenticator Protocol (CTAP) specification enables expanded use cases that give users wider device flexibility. CTAP permits mobile handsets and FIDO2 security keys to work with browsers, desktop applications, and web services. FIDO2 therefore not only makes authentication more secure but also offers a better user experience.
The evolution of FIDO2 from earlier FIDO standards is a sign of progress toward secure passwordless systems. It is also a move to anticipate growing concerns surrounding biometric authentication. Integrating organizational and business platforms with the FIDO2 authentication standards elevates user authentication and identity proofing, thus strengthening fraud prevention and anti-cybercrime mechanisms.
LoginID – FIDO2 Certified Biometric Authentication for Websites, Applications, and Services
Equipping a business’s digital portals with just any authentication measure is not enough to deter hackers from targeting the company. Since not all biometric authentication systems are created equal, weaknesses might still expose the organization to cyber threats. Besides educating and training staff to detect and avoid cybercrime red flags, investing in a reliable and safe authentication solution will help defend the company from these risks.
Enterprises can now easily integrate their systems and platforms with FIDO2 passwordless authentication using a LoginID solution. LoginID is a FIDO2-certified biometric authentication provider offering strong employee or customer verification and transaction confirmation. With LoginID, companies better protect their data and resources while making their brand more trustworthy to customers.
Unlike other solutions on the market, LoginID does not depend on insecure methods such as probabilistic risk-based authentication (e.g., device fingerprinting) or proprietary biometric algorithms (e.g., liveness detection). These techniques either require a lot of data to be effective or cause issues that pose additional risks to the company. Using the FIDO2 standards, LoginID improves security, privacy, and convenience while keeping the dangers of passwordless authentication in mind and resolving them.