Biometric identification: an easy way to forget about passwords

Trust is an important aspect of a relationship. Communication within the company, the exchange of information with customers and partners, any business interactions involving two or more individuals, in one way or another, are based on the trust of the participants in the process to each other.

If we are talking about the “consumer-company” relationship, then not only the cost of the product or service, but also the reviews about the company play a key role in the client’s behavior model. The abundance of negative comments in the Internet is a bell which signals that it is better to look for another place to make a purchase.

Inside the business, the scheme works the same way. A request to pay a bill from an unknown person, who was hired only yesterday, is perceived as a risky operation that requires additional validation – confirmation of the leader. At the same time, the exact same request from a colleague from a neighboring department, with whom more than one cup of coffee was drunk – a self-evident task that does not cause suspicion.

The study of basic behaviors is at the heart of social engineering: why ram thousands of dollars on equipment and attract high-quality technical specialists in hacking, if it is possible to put pressure on the most vulnerable link of the security perimeter – on a person.

Phishing and other popular methods of data theft necessarily involve the use of disguises that inspire confidence in the victim, because it is the easiest way to force an employee to make a transaction or send confidential information pretending to be his head, colleague or representative of regulatory authorities. Of course, it is possible to create a virtual identity that suits better the situation. But this method does not guarantee success: an attentive employee can expose the substitution.

To help the attackers who are concerned with the “correct” disguise, the darknet is always ready to come to the rescue: you can buy stolen accounts in it for a mere penny. According to statistics, only in 2017, more than 16.7 million usernames and passwords were stolen in the United States, which were later put up for sale on hacker forums. If you extrapolate the statistics to the whole world, the disaster will amaze with its scale.

Of course, the darknet is not a panacea, because the necessary disguise may not be there. Therefore, multi-pass operations come to the rescue. During the first phase, the attackers need to steal the personal or work account of someone from the company’s staff. In the second stage, the disguise will help convince the victim of the legitimacy of the social engineer’s requests.
Every year, the effectiveness of such schemes is steadily increasing. For example, in 2018, the number of illegal financial transactions carried out thanks to stolen digital accounts increased by 55%!

The reason for the growth of cybercrime is the weak protection of accounts, because simple usernames and passwords are not enough barriers for attackers. Modern hacking tools and proven social engineering schemes make it easy to bypass authorization forms and steal a “digital identity”.

Large foreign companies and experts in the field of information security have come to the conclusion that the only effective tool to reduce risks is authorization by biometric parameters.
Bright examples of such technologies, which have already become widespread, are right next to you, just remember the AppleID face recognition system or the Amazon Echo voice. And additional biometric authentication of personnel is already being implemented everywhere in international corporations, banks and large production facilities. Such innovations allow to solve a whole range of security service tasks.

Employees no longer need to remember long passwords and, moreover, write them down on a piece of paper glued to the monitor. Face recognition authorization will prevent illegal access to the work machine, even if the access codes were stolen.

If the enemy is inside the company, systems similar to FaceID will not let the insider go beyond the operating system loading screen, and the Security Service representative will be able to record an attempt to access the data and conduct an investigation.

Today, access codes consisting of symbols are gradually turning into a vestige of a past era. They are too easy to steal, which means that they do not protect valuable information, but only create the illusion of security. Following the trends, modern security systems are abandoning the remnants of the past, gradually switching to more reliable methods of authentication using biometric parameters. The simplest and the most reliable is face recognition. Web cameras are available on almost all office computers, so setting up and implementing software systems that distinguish one employee from another will not require additional financial investments or excessive labor.

Biometric authentication software modules are a logical step in the evolution of security systems. Identification of users’ faces not only increases the reliability of protection, but also helps to solve a number of business problems. For example, to control the implementation of the “four eyes principle”, to determine the author of the document, or to control the atmosphere in the team. Analyzing the facial expressions of the staff, which the systems are gradually learning, will help you understand how satisfied the team is with the current tasks and working conditions. But the quality and efficiency of work largely depend on interpersonal relationships in the office.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published.