Embrace biometrics to stay ahead of advanced cyber threats
Stricter authentication system can keep Internet of Things more secure
By George Avetisov, Special to ThirdCertainty
The Internet of Things (IoT) will have billions of interconnected endpoints, representing billions of alluring hacker targets.
Organizations struggle with user authentication, and the emergence of the IoT will require a new authentication model. Passwords, even when backed by a multistep authentication process, have shortcomings that won’t work for the IoT. We expect instantaneous, seamless access to our data, and we will want connected devices to offer faster, safer access.
Two-factor authentication, which combines a password with a second layer of protection, has increased as security breaches become common and sophisticated. These methods are beneficial, but they won’t protect or ease IoT use.
Making the password process more complex hasn’t worked because most people still use simple passwords. Entering complex passwords is onerous, particularly on mobile devices—the primary IoT driver.
Two-factor hardware systems aren’t the answer, either. To properly use such a system for authentication, a user must provide a password, then either plug a hardware token into a computer, or input a code that appears on the token’s display. Newer near-field communication (NFC) tokens offer improved usability, but must be carried like a key chain and near the “thing” being authenticated. This slows authentication and requires users to manage a separate device.
Software-based two-factor (2FA) solutions also fall short. Dozens of soft 2FA versions are available, and although most are built on similar open-source specifications, they don’t present an interoperable or unified protocol. Such fragmentation across the IoT could be a huge obstacle.
However, biometric authentication is a logical way to prove your identity—a password can be replicated, but a fingerprint can’t.
Several mobile devices and computers already contain embedded biometric sensors.
They also include a Trusted Platform Module, or Trusted Execution Environment, which handles the validation of biometric information separately from the device’s core operating system. This is an important distinction, as those systems are susceptible to malware. Devices with biometric sensors will alter the way users authenticate themselves, even for physical access, via smart locks.
When it comes to securing intellectual property and mission-critical applications, companies and government agencies can’t take chances. Biometrics offer a superior method of authentication. Companies have the opportunity to embrace biometrics now so they can stay ahead of advanced security threats.
More on the Internet of Things:
Samsung’s SmartTV foreshadows Internet of Things eavesdropping
Healthcare data at risk: Internet of Things facilitates healthcare data breaches
‘Impenetrable’ encryption arrives to lock down Internet of Things