Thursday, July 23, 2015

Biometric sign-on

Biometric SSO - A secret weapon to protect your data (Engadget)
The advantages of using biometric SSO solutions for securing enterprise information are huge. Firstly, utilizing biometric SSO authentication provides stronger authentication and security instead of relying on traditional passwords. It is nearly impossible to steal or duplicate biometric characteristics for authentication purposes. Besides, biometric characteristics are unique for every person in the world; even identical twins have different biometrics. Hence, biometric SSO achieves the highest level of identification accuracy. Secondly, implementing a biometric SSO technology is considered as a cost effective solution to reduce financial losses from being compromised by weak password management policies. Thirdly, the variety of biometric SSO modalities available such as fingerprint, iris, vein, and palm brings a huge flexibility to organizations to achieve better return on investment.
Often overlooked, biometric hardware itself provides an enormous security benefit. From this 2012 post on biometrics in schools...
Biometrics provide for far more secure information because the biometric sensor hardware itself provides a layer of protection that a keyboard never can provide passwords. In the standard Username/Password regime, the hardware used, the keyboard, offers no additional security. With username/password authentication, a hacker needs only a keyboard to fill in the proper fields and she gains access to the network. If that username/password is a superuser or administrator credential, an organization may see some turnover in the CTO function.

Biometric authentication is very different animal because with biometrics, the hardware layer does provide extra security. If the hacker steals a biometric or unencrypted biometric template (a long character string), she can't just type it in even if she finds the place in the programming that handles the template. It has to come from the fingerprint sensor. The template resulting from a verification attempt is like a single use password created during the interaction of a physical object (body part) with certain known sensor.