Passwords Are Here to StayPosted by Petr Pinkas Nov.11, 2013 in Passwords & Security
Biometric security is an information safeguarding solution that makes use of the user’s physical details, such as fingerprints, to control access to information. With the arrival of Touch ID, the new security feature on the iPhone 5s, this form of data protection has become a heavily debated replacement to traditional password strategies. According to ZDNet, this method of cyber attack prevention is not likely to replace password security any time soon because of how easily simple hacking techniques have rendered the fingerprint recognition technology unsafe.
The news source reported that in just a few days after the release of Touch ID, a German-based hacking group called CCC managed to break through the fingerprint scanner in under 48 hours. They used plate glass and an enhanced camera lens to duplicate the test user’s biometric data and created a replica, which allowed the hackers to repeatedly break through the mobile device’s defenses.
As a result, a new concern with this form of account management is the inability for end users to change the physical details that become the access code, according to the news source. Fingerprints are permanent in nature, and as a result, password management involving biometric security is only safe until the account is breached. When that happens, the account becomes indefinitely compromised.
Questions about fingerprint security
Concerns about the security of Apple’s new solution are also being debated, reported NBC News. In a letter to Tim Cook, CEO of Apple, Sen. Al Franken requested information about how the fingerprints are being stored and if they’re protected by the same governances that prevent seizure of information by law enforcement without a warrant. Furthermore, the letter requested that Apple define who can access the stored data and to determine if the third-party means of fingerprint storage is susceptible to attacks or other information breaches through hacking.
Passwords still best in cyber protection
Touch ID makes password management much easier because of its easy-to-use access capabilities. Unlike legacy protection, this method allows users to secure their data without having to remember complex character combinations in passcodes. NBC News reported, however, that data security is crippled by consumer fingerprint protection because these methods compromise accounts permanently, whereas a password can be changed.
Alphanumeric codes are controlled entirely by the end user. Biometric security does not allow for account sharing, a practice that some companies leverage for low sensitivity data. Additionally, alphanumeric passwords are familiar and user friendly. Businesses and consumers all across the world use them to manage their online accounts, and because of this, it is easier for individuals to safeguard new accounts and devices with a passcode.
NBC News reported that the best practices in password management and biometrics are optimally used together in what is called “two-factor authentication.” Under this strategy, security is enhanced by “something you know,” such as a password, and “something you have,” such as a smartphone. Websites that utilize this form of security will typically text message a verification code to a smartphone or other mobile device, which is then used in conjunction with the original password in order to enhance the end user’s protection.
The idea is that the hacker will require both halves of this two-part solution in order to break into an account. According to the news source, this method is being redefined to utilize fingerprints in place of the verification code that is sent to the mobile device. In the new model, the passcode is still necessary to lock the smartphone and the “something you have” part of the two-factor authentication solution becomes the biometric data. Without one or the other, the cyber assailant will have a much harder time breaking into the device.
Although fingerprint security may be a simpler format than legacy methods of online protection, by using both options, end users have layers of security through which hackers must breach. NBC News reported that Apple’s Touch ID system is still young and will likely optimize its functionality over time, but passwords, in general, are unlikely to be replaced completely.