Beyond passwords with biometric technology

Tired of having hackers guess your password in three tries and break into your most critical systems?

Well, first, stop using "password" as your password.

Then, consider investing in some alternate means of authentication. Biometric technologies can supplement or even replace passwords entirely when used in conjunction with a password management program.

The following biometrics vendors, for example, can turn almost any physical aspect of your body into an authentication mechanism.

Most are also members of the FIDO Alliance, a standards body for authentication technologies.

Heartbeat

According to the folks behind the Nymi Band, your heart has a unique signature -- the ECG wave has a special shape that identifies you as you.

The signature is measured by the wrist band, which then uses Bluetooth to authenticate you to other devices.

As long as you're not too excited or relaxed when you put it on, that is.

It works in conjunction with a partner app on your computer or mobile device, and could be used, say, to unlock your smartphone without having to type in a password. Or for any other purpose that requires confirmation of your identity. For example, they recently announced a pilot payments project with the Royal Bank of Canada and Mastercard.

Iris

The EyeLock Myris collects 240 points of data on your iris, which, the company says, results in a false positive rate of 1 in 1.5 million.

They claim more than 3 million transactions over the past two years, in sectors such as security, border control, government and the financial services.

You plug the device into your USB port, connect sites and applications to the Myris app, and then just look into the device to log in, the same way you would look into a hand mirror.

Sclera

Sclera, or the white part of your eyeball, gets all the attention with the EyeVerify. You pick up your smartphone and take a selfie. The EyeVerify app looks at the blood vessels in your eyes to confirm your identity.

And you're in.

There are free demo apps on the iOS and Android app stores, but the company is really focusing on the other side of the authentication mechanism -- with the banks and other institutions. According to the company, several banks in Australia are already using it for their employees, and the technology is part of the mobile device management platforms from Good Technology and AirWatch.

Fingerprint

There's a lot happening with fingerprints. Smartphones now include fingerprint readers, as do some laptops and other devices.

There are also a variety of key fobs, dongles, and other peripherals, such as the IDKey from Sonavation and the Yukey from Egistec.

But you can also scan a fingerprint without any special hardware. The Onyx, from Diamond Fortress Technologies, uses the camera on your smartphone. Free demo apps are available for both Android and iOS.

Voice

We're all used to talking on our phones, and, more recently, talking to our phones. What's more natural than to use that for authentication, as well?

Agnitio's Kivox platform allows app developers to do just that.

And, in case you're worried about criminals secretly taping your voice, Agnitio claims that its patented anti-spoofing technology caught 97 percent of spoofing attempts -- while their competitors caught none of them.

Another benefit of their platform is that the software is resident on the phone and doesn't require an Internet connection.

Face

The beta release of AppLock by Sensory is in the Google Play store if you're looking for an application that uses your phone's camera to see your face.

The app's security setting have a "liveness" mode for extra security, to keep the badguys from trying to spoof your face with a picture.

For even more security, the app can also check your voice.

Ear

Did you know that the shape of your ear is unique?

Did you know that's there's an app that reads the shape of your ear where it touches the screen?

It's called Ergo, and it's available now on Google Play from Descartes Biometrics.

And it's as easy to use as lifting your phone to your ear. Which you do all the time, anyway.

But it only has a rating of two-and-a-half stars, and reviewers complain about not being able to get it working.

So put this into the "not quite yet" column.

Finger vein

No, it doesn't draw blood. The VeinID from Hitachi uses infrared light to painlessly scan the veins inside your finger.

The scanner is already used at ATMs in Japan and Poland, and Barclays plans to deploy it this year in the UK.

According to the company, it's difficult to spoof because it doesn't read the exterior of the finger, but the inside, and the false rejection rate is lower than with fingerprinting.

It takes about a second to do the scan and authenticate someone.

Worried about bad guys chopping off your finger? Don't be -- according to the company, dead fingers have no blood flow, so wouldn't be readable by the device.

Brain waves

Yes, there are consumer devices that read brainwaves. Unfortunately, none of them can be used as authentication devices out of the box just yet.

The Emotiv Insight, for example, is scheduled to hit the market this March, after raising more than $1.6 million in a successful Kickstarter campaign.

Like its closest alternative, the MindWave headsets from NeuroSky, these collect EEG measurements through easy-to-use dry-contact sensors.

In 2013, researchers at UC Berkeley asked users to perform simple mental tasks, such as mentally singing a song, or focusing on their own breathing. They were able to identify users with an error rate of less than 1 percent.

Unfortunately, the specific headset the researchers used -- the NeuroSky MindSet, which also includes regular headphones and a microphone -- is no longer available.

And both the MindWave and Insight headsets  are single-purpose. All they do is measure your EEG. Not really practical to get and use just for authentication. But if you already have one at your desk to help you relax after a long day of network monitoring, then go ahead and adapt it to confirm your identity and become the coolest nerd in the office.

Tags Access control and authenticationIdentity & AccessFIDO Alliance

Show Comments