In this age, authentication is a huge security concern and yet we mostly live off of the old

superfluitysmackoverSecurity

Feb 23, 2014 (3 years and 8 months ago)

64 views

In this age, authentication is a huge security concern and yet we mostly live off of the old

idea of using passwords to log

in to our accounts. Why do we do this? Because it’s still a rather

strong method but it carries its flaws. The problem usually
isn
’t at home though where

access

your personal accounts such as banking or online shopping sites. Those are up to the user and

they can generally choose whatever they want in a simplistic form that’s easy to remember or

something very complex. Whethe
r or not this password gets figured out relies totally on them.

But the method itself still works. However, when dealing with major networks, organizations,

and jobs, this method can become difficult as simplistic passwords just can’t be used a lot of
the

time. And, in fact, there are requirements for what a password should contain (capital letters

w
ith lowercase and numbers). Not

only that, but depending on the scenario, these passwords

will probably need changed every so often where the administr
ator sees fit. This causes massive

strain and forgetfulness on the end user who may be juggling a bunch of other things and

keeping up with a complex password just is too much.
You could write it down, but then there is

a chance that it may get stolen
.

Options and Changes

The password method and many other forms of authentication have been in use forever.

But now, it’s more complex and more needed because we are all connected. This is why we

constantly search for new ways to authenticate everyone
. Ways that won’t require insane

complexities that will actually hurt security in the long run. Ways that will make it easier for

everyone but at the same time, al
low a much stronger system that will prevent
hacker to gain

entry using it. Nothing wil
l be 100% safe, but we can

certainly make things better and more

challenging.

One of my favorite types of authentication to learn about is Biometrics. This is the thing

that Sci
-
Fi dreams were made of a long time ago. You still see it now, but back th
en who would

have thought all

of

those crazy things seen in movies or

read in

books would have ever be
en


possible? Facial scanning? Fingerprint identification? Voice matching? It’s crazy and it’s a

real form of modern authentication.

Even a lot of

laptops have the options for fingerprint

scanning to log into t
he system on a consumer level. What makes this so great though?

Well, for starters, it is unique. Let’s think of a simple setup where it isn’t a matter of

inp
utting anything besides some

part of you
. We’re all different and that’s one thing that other

authentication methods can’t match


the vast difference.
We learn as we grow up that our

fingerprints are never the same as another person. So, if you were to have a setup where

someo
ne simply put their fingerprint on a scanner and it recognized it as that user then bam,

simple login process that is pretty secure and doesn’t require any complexities. The same can be

said for other biometric methods such as being able to scan your en
tire face or even your retina.

So you go up to a device, it scans your eye or face in quite detailed

form and you’re

authenticated:

A very simple procedure that we’ve been seeing in Hollywood movies for a long

time. Even voice recognition is a huge f
eature in many devices today and not just for

authenticating. Although that type of recognition is for any voice and is only meant to recognize

the words we’re speaking to do commands or type it out. It still needs a lot of work, but the

technology is

amazing. So this technology, if used to actually match the tone of your voice

while you speak a phrase, perhaps a password, is another interesting authentication method via

biometrics.

Okay, so that’s all fun and is rather simple, but it’s too simple
. So let’s add a bit more


depth

to that with something you know or have. Maybe you have to punch in a pin number

before a biometric
-
themed authentication. That gives you two layers and is still relatively simple

as a pin number usually is only a few
digits and is not difficult to remember. Or maybe you can

use some type of card that you swipe before the biometric method kicks in. This card would

contain information (like a credit card) that’s only related to your login. This is still not complex

at all and doesn’t even require you to remember anything. Of course, what if you used all three

layers? This could get tedious, but the layers still wouldn’t be too bad or complex. As an

example, what if you first swiped a card that then asked you fo
r a pin number and after you

punched that in, it would complete the authentication by a biometric method.
We already do

66% of that method when we use our debit or credit cards at an ATM or a store. You swipe it,

enter your pin, and the process is com
plete. So I don’t see how using all three would be

complicating things too much.

While I love biometrics and I do think they are a great way of simplifying authentication

while making it difficult for hackers, they aren’t full proof. For one thing, s
ome of the

technology itself still needs worked out better. Voice recognition is good, but it’s far from

perfect. Ever tried using it to type something out or to issue commands and it gets it wrong? It

happens, and we all speak differently whether th
at be slow, fast, high or low pitched, slurs,

accents etc. There’s a lot of different ways to speak and it doesn’t make the voice recognition

easy. Also, and this is where voic
e authentication can be the easiest hack for biometrics, it is so

easy to r
ecord someone’s voice and reuse it. And what about people who are very good at doing

impersonations? Would you want someone like the president to use voice recognition?

Everyone always tries to impersonate their voices for amusement or other things an
d some are

very good at it.

I do believe that voice biometrics would be the easiest to replicate, the others have

methods that could bypass the security as well.
It’s been said in the book a
nd I recall seeing

elsewhere t
hat people could create molds
out of your fingerprints. Since we leave our

fingerprints on nearly everything we touch, getting a copy of that isn’t hard to do. However, is it

really easy to create a perfect model from it? I think that it would be pretty difficult but I can see

it
happening on rare occasions.
Still, I feel it can be a solid biometric

method when added with a

second layer of defense because this physically requires your finger to do so. I would say the

same for something like facial scanning but I think that can
be much easier faked. Our world

today has all the latest and greatest in tech. I see people who professionally use printers to create

their own art designs in many different styles for use in professional galleries and to even sell. In

order for this

to happen, the print quality would have to be studio quality, and yes, that quality is

possible from home. So what is stopping someone from creating a perfect life
-
size photo of you

and somehow tricking the authentication? It can happen and with all t
he social networks and

various websites out there that we involve ourselves with while sharing pictures, it wouldn’t be

difficult to grab a good picture to replicate. Picture quality itself may lose something if blown up

too much but then we have all t
he designer programs with all kinds of tricks to make things look

excellent. Not to mention that cameras and even cell phones have hi
gh megapixel counts that

output

very high quality photos.

Are biometrics the future and the best way of authenticating

users?

It’s an excellent

question and I think someday we will see it used more heavily and in more places. It was only

three to four years ago when the Greenhouse I was working at installed the palm reading device

for people to clock in and out. And

that was a bit of an obscure place to use it, at the time… at

least I thought so. I just think there are a lot of quirks to work out and nothing is perfect just yet,

at least with certain methods such as voice matching or facial scanning. It’s a much
easier

method that shouldn’t bother users too much as can be the case with current methods that

overload people with stuff they can’t remember or forget. If we can work out the quirks and

make it up to par and figure out proper counterattack measures f
or would be attackers, then I can

see it being a reliable and accepted method of authentication especially if we add a layer or two

of defense such as a pin or a card. It’s a formidable method that can work in our favor if done

properly.




Zelika, Z
.(February 26
th
, 2010). Pros and cons of biometric authentication. Retrieved from
http://www.net
-
security.org/secworld.php?id=8922

Kay, R.(April 4
th
, 2005). QuickStudy: Biometric authentic
ation. Retrieved from
http://www.computerworld.com/s/article/100772/Biometric_Authentication