
Geoff Anderson, CEO, PixelPin writes for Defence Online and argues that biometric solutions might not represent the future of security after all…

Anyone of a certain age who grew up with an interest in sci-fi will have seen characters open doors and log in to computers with either a press of their fingerprint or a quick scan of their eye like in 2001: A Space Odyssey. It all added a little bit of futuristic glamour to what can be a pretty mundane part of life.

As is often the way, real-life technology tends to catch up with our imagination, and biometrics are now everywhere: from debit cards that were trialled in the UK earlier this year to the lock screens of our phones, tablets and laptops. As biometrics have filtered into the mainstream – largely driven by our mobile devices – they’ve often been touted as the next step in personal security. Never again will you be stuck at the checkout trying desperately to recall your PIN as the queue behind gets more and more impatient. What’s more unique, personal and memorable than your own face or fingerprint?

The reality, however, is not as good as our imagination. Once the novelty and convenience are taken out of the equation, there are some serious questions around the reliability and security credentials of the biometric solutions out there today.

The fallacy of reliability

The two versions of biometric authentication that have most permeated into daily life are probably fingerprint and facial recognition. For those with the latest smartphones, they have become the de facto means of unlocking our devices. Simple, quick and low-effort.

They are also not quite as secure as people think. Fingerprint scanners typically read only a partial fragment of the fingerprint, as opposed to every loop, whorl, arch and ridge. As such, there is a much higher chance of inaccurate results. It’s also been shown that an accurate cast of a fingerprint can be made and used successfully with just a high-res photo.

Depending on the type of technology used, facial recognition also has its problems and not just if you have a twin or unknown doppelganger. Some less thorough systems are easily fooled by a picture of the appropriate person being shown rather than being there in person. Meanwhile, problems with many facial recognition systems based on race and gender are well-documented.

The quality of the physical kit is also a significant factor: both technologies are included in a large number of devices of varying price, making quality and accuracy highly variable.

An unreliable failover

Even if we disregard concerns around reliability, there is one glaring flaw that will always limit the efficacy of biometrics as a cybersecurity solution: the reliance on passwords.

As anyone who has set up Face ID or fingerprint on their phone knows, you are required to input your PIN or password first. This password always acts as a workaround to access the service you’re looking to use. They say “you’re only as strong as your weakest link” and when it comes to cybersecurity, that weakest link is often the password.

While the technology we use is becoming more sophisticated and more pervasive, security lags behind in many respects. The password is a relic that has existed as long as people have wanted to protect information. While it might be thought of as simple, today the password is rarely fit for purpose.

Part of the problem stems from the fact that good passwords are easy to forget; studies show that we remember passwords based on how often we use them. So if you only log in to something once in a while, good luck remembering that password. As a result, people often try to work around this with easy-to-remember bases for their passwords: birthdays, sports teams, pets’ names and the like. The result is that someone with a fairly superficial knowledge of you could quite easily guess your password. Or, worse still, you could be lazy enough to be using one of the most popular passwords out there.

And it gets worse. Despite warnings otherwise, a lot of people use the same passwords across different platforms, devices and services, and rarely change them. It could be that a password you set up for a long-forgotten BigFoot email or Friends Reunited account is the key for a hacker to get into your Amazon or online banking. So, no matter how unique your fingerprint is, if you don’t back it up with a strong password it’s little more than a convenient gimmick.

Visual PIN = Convenience + Security

Thankfully, there are alternatives to biometrics and the passwords or PINs used to support them. A visual PIN, for example, is a combination of an image and a sequence of points to create a dual-layer password that is highly secure, unique to the user, and easy to remember.

Unlike biometrics, it doesn’t require specialised equipment to be installed, just a screen like that found on almost every smart device. Likewise, it can be used anywhere, on any device – not just the one it has been set up on.

Furthermore, when compared to passwords, the strength lies in the picture superiority effect: we remember images more accurately than words, making it far easier to recall an image-based password than a traditional character-based password. As a result, image-based password reset rates are significantly lower than the average for character-based password reset rates (17% vs more than 33% for alphanumeric passwords). It’s more secure and less susceptible to hacks and guesses.

For now – at least when it comes to security – biometrics should stick to the pages and screens of sci-fi.


Post written by: Matt Brown
