I heard about a security researcher who claimed to be able to beat fingerprint and retinal scan biometric systems using simple photography. While the accuracy is not yet confirmed, these claims are unsettling. Should my enterprise -- which implements fingerprint security measures -- be concerned? To what extent does this cast doubt on the integrity of biometric authentication systems?
As a form of additional two-factor authentication, biometric checks can be used successfully for identity assurance. However, the security of these mechanisms as the sole source of identity proofing is questionable. As with any credential, when used without additional checks, they can be subject to spoofing. This isn't the first instance of commercially available biometric products being overcome by simple photography, though most likely governmental DoD high-security devices are more difficult to beat.
The key to ensuring security is to fully implement two-factor authentication processes, using something you have and something you know. Biometric appliances answer the first part of the equation, but they should be used in conjunction with a PIN, password, pass phrase or some other form of "something you know" type of authentication to be fully effective.