However, using passwords has its flaws; they are either too hard to remember or too easy to crack. Industrial espionage can expose an organization’s product and process blueprints to competitors, leading to huge losses. The data hacks on Target and other stores earlier this year highlight the vulnerability of using passwords for data protection.
Security experts have been looking for ways to enhance data security for organizations and individuals. One technology that is favored to replace the use of passwords is biometric authentication.
Biometric authentication involves the use of fingerprints, facial recognition, voice recognition, irises, palm prints, eye tracking, and even behavior in order to authenticate users. The technology is already in place but has not yet gone mainstream. The military is perhaps the best-known adopter of biometric technology.
Various companies have been trying to make biometric go mainstream. In October 2011, Google showed off its “Ice Cream Sandwich” operating system for smartphones, which allowed users to unlock their phones with their faces. However, security vulnerability of the authentication process quickly led to concerns when people pointed out that it was possible to unlock a phone by holding up a picture of an authenticated user.
Despite many bottlenecks, tech companies still believe the future of data protection lies in biometric technology. IBM Fellow, David Nahamoo, is on record saying biometrics would replace passwords by 2015.
According to Nahamoo, biometric data – voice files, iris scans, facial features, and even your DNA – will become key to safeguarding personal and organizational information by 2015. These biometric authentications will replace the current user ID and password system that has many flaws.
The business and consumer world has been moving from devices like desktops and laptops to smart devices like tablets and smartphones. Many ERP solutions are also moving to the cloud or are being integrated with other cloud-enabled devices like mobile phones.
However, most of these smart devices are yet to be fitted with operating systems and security elements as strong as those in immobile devices in the market. Biometric security can strengthen the weaknesses in the current devices and sunset the use of passwords.
For instance, employees may be able to connect to cloud ERP from their tablets and use biometric authentication such as fingerprint or iris scan to access the system.
Authentication levels based on user privileges is also possible with biometric security. Users can be authenticated to access various data or systems based on the privileges assigned to them in the organization. The IT department will be able to authorize or revoke user access for certain systems.
Challenges of Biometric Technology
The cost of biometric security has significantly gone down over the past decade. However, there are still some hurdles that need to be addressed before the technology gains support from the masses.
One of the issues that must be addressed is with regards to privacy. Some users may not want their biological information tied to systems, and hence may not be keen to adopt biometric authentication. Another issue is where the biometric information is stored and how secure the data will be.
Organizations like FIDO (First Identity Online), which includes companies like PayPal, BlackBerry, Google, Microsoft, and others are trying to come up with standards for biometric solutions and data storage. FIDO has a FIDO Ready certification that outlines best practices for companies providing biometrics security solutions.
The security of biometric systems is another challenge that needs to be addressed. For example, what happens if a user is held at gunpoint and forced to have his iris scanned to provide a third party access to data?
Biometric companies are looking at integrated authentication options to improve security of the technology. New biometric devices are being designed that will take different data from a user such as heart beat, size of the iris, and other features that can identify duress when one is trying to request system authorization.
Biometric technology is bound to go mainstream in a few years. It is just a matter time before ERP systems with biometric authentication are developed.