Biometrics Authentication (3FA)
By Robert Townsend on September 18, 2018
Background-
Sometimes two-factor authentication is not enough. By using “something you know” – username and password, along with “something you have” – hardware token, SMS, software token; you have implemented two-factor authentication. To take it to the next level you can add “something you are” or biological traits such as, – fingerprint, iris, facial traits, etc. This type of authentication method is called three-factor authentication or 3FA and is used largely for government agencies or business’ that require a high level of security. By adding a third layer of authentication to your security implementation you can greatly decrease the risk of being exploited.
Reliability-
It is important to know that just because you implement 3FA authentication, its reliability largely depends on implementing each method the correct way. If you have weak password requirements, then guessing a password can be possible. If the system you use for facial recognition can be easily bypassed by holding a photo up, then that renders the “what you are” or biometrics portion useless. This defeats the purpose of 3FA and basically drops you down to 2FA. By making sure each of your layers of authentication have strong rules, you can greatly increase the security of your business.
Areas of Use-
A recent poll by Spiceworks, a professional IT industry, found that out of 492 IT professionals that were surveyed, “62 percent of the respondents’ companies currently use biometrics for various security and business purposes such as employee access and data security, and an additional 24 percent plan to use it by 2020”. For industries like banking, government, airports, hospitals, or other large corporations, implementing 3FA can be the best way to secure highly sensitive areas. Choosing biometrics as a factor within the multi-factor authentication system can address the shortcomings that are posed by other means of authentication types. An article on CNN stated, “We’re seeing a very rapid evolution from what used to be passwords, then smart cards, and now to biometrics,” said Alex Simons, director of program management in Microsoft’s identity division.
Types of 3FA-
As mentioned above, there are many different types of ways to authenticate using biometrics.
Fingerprint Readers-
The fingerprint scanner is the most common type of “what you are” authentication. This may be due to the implementation of it on smartphones. Sometimes the fingerprint reader can be built-in to the phone. The iPhone is a good example for a built-in fingerprint reader on a smartphone.
Figure 1 – Source: https://www.macworld.co.uk/how-to/iphone/touch-id-fixes-3489429/
The fingerprint reader can also be built into a laptop as well.
Figure 2 – Source: https://www.engadget.com/2016/06/03/synaptics-under-glass-fingerprint-reader/
Iris Scanners-
Heimdal Security stated, “Security researchers consider the eye as one of the most reliable body parts for biometric authentication since the retina and iris remains almost completely unchanged during a person’s lifetime.” Some benefits of using iris scanners are – you do not risk spreading personal data since you do not need to touch anything, and the iris stays unchanged throughout a person’s life, while a fingerprint can be dirtied or even scarred. A disadvantage can be that sometimes high-quality photos can trick the scanner, depending on what type you are using.
Some iris scanners can be built-in to phones. Like the Galaxy Note 8 below.
Figure 3 – Source: https://www.technobezz.com/fix-galaxy-note-8-iris-scanner-issues/
There are even iris scanners for controlled entry like the iCam 7101-TEC3 below.
Figure 4 – Source: https://www.independent.co.uk/voices/bitcoin-iris-scanners-facial-recognition-iphone-apple-technology-latest-reason-be-terrified-a7855466.html
Facial Recognition:
This type of authentication has been widely implemented via the iPhone X. How it works is it creates a highly accurate and secure bio-metric template of your face using machine learning algorithms. Before the Apple FaceID there were cases when makeup, masks, high resolution photos, or other means could fool a facial recognition system. Since then, Apple stepped it up with thermal imagery and other technologies. The iPhone version of facial recognition uses more than 30,000 infrared dots to map your face.
Figure 5 – Source: https://www.apple.com/iphone-xr/face-id/
Conclusion:
Having a third authentication method available for your business or personal use can greatly enhance your ability to secure devices or entry to a secure area. With the use of 3FA, the level of assurance that the person involved in the “need for access” is indeed the one that he or she is claiming to be. The challenge today is figuring out a way to implement 3FA on a more widescale platform. By building in biometric authentication to mobile devices such as phones and laptops, the technology industry has taken one step in the right direction for widescale implementation.
Sources:
https://searchsecurity.techtarget.com/definition/three-factor-authentication-3FA
https://topvpnsoftware.com/3fa/
https://heimdalsecurity.com/blog/biometric-authentication/
https://money.cnn.com/2018/03/18/technology/biometrics-workplace/index.html
https://www.engadget.com/2016/06/03/synaptics-under-glass-fingerprint-reader/
https://www.macworld.co.uk/how-to/iphone/touch-id-fixes-3489429/
https://www.technobezz.com/fix-galaxy-note-8-iris-scanner-issues/
https://www.vasco.com/glossary/face-recognition-security.html
https://www.apple.com/iphone-xr/face-id/
-
Russia’s Cyber Strategies
Russia’s Cyber Strategies
12/2/2021 -
The Next Generation and Cyber Security
The Next Generation and Cyber Security
12/2/2021 -
Syniverse Short Message Service (SMS) Hack and Two Factor Authentication
Syniverse Short Message Service (SMS) Hack and Two Factor Authentication
12/2/2021