Last month, hackers used “Internet of Things” (IoT) devices — in this case video surveillance cameras and recorders — to create digital armies called botnets and cripple a large portion of the Internet in the U.S., including such popular venues as Netflix, Google and Twitter. The vulnerability that these IoT connected devices presents often resides in default or too-easy-to-guess passwords. That is why the White House and the National Cyber Security Alliance recently launched a new initiative called “Lock Down Your Login,” which specifically recommends multi-factor authentication. Among the strongest tools it suggests: biometrics.
Biometric technology relies on the “something you are” principle — a characteristic such as a fingerprint, vein, iris or multi-point face recognition. This makes it much harder for potential thieves and hackers to break into a logical environment that includes that level of protection. Even banks are starting to recognize this, with institutions such as J.P. Morgan Chase, Wells Fargo and Bank of America incorporating the use of biometrics on smartphones as a more secure way of validating the user than a mere password or pin. Several phone manufacturers now include fingerprint readers in their handsets; facial scans using the camera function are another option.
As smartphones get more and more deeply embedded into the general IoT, with devices such as smart locks and the proliferation of apps, this trend will only continue to help secure both the phone and the physical environment it is interacting with. These physical portals to the digital world are becoming increasingly critical in today’s “Bring Your Own Device” (BYOD) environment. With mobile credentials just around the corner, biometrics technology could find itself at the forefront of cyber protection efforts.
Cyber and physical security also intersect in many more concrete ways today. From single login devices that are incorporated or added on to laptop and desktop computers, to doors and cages that physically protect server rooms and datacenters, biometrics technology is protecting logical security every day.
One of the reasons for this is at the heart of what makes biometrics such an attractive proposition: security plus convenience. Ultimately what users want is security that isn’t cumbersome — for example, the need for multiple complex passwords has led many to leave their password hints visible, or even keep default passwords in place when allowed to. The end game for physical and logical is the dream of convergence, the integration of all security enabling each individual identity to move seamlessly through a workflow without having to continually input new passwords. And it seems increasingly evident that biometrics will play a big role in making that happen.