Monday, July 11, 2011

Biometrics Seen as SecurID Alternative?

Exploring Multifactor Authentication

RSA customers who feel victimized by last March's breach of the security vendor's computers have viable options that include continued use of the SecurID authentication tokens, those offered by competitors, or something entirely different: biometrics.

In March, RSA revealed intruders broke into its computers, exposing secret codes for its two-factor authentication SecurID token. Since then, RSA has been working closely with its customers to assure the safety of the product.

The proper precautions RSA provides could satisfy many SecurID user but there is an another option of switching to a competitors' product. Still, at the end of the day, the use of these technologies maintains the status quo. They let you do the same-as-usual type of security. If attacked once, and hacked once, it can certainly be done again. Another approach, would be to implement an alternative factor, such as biometrics.

The concept behind multifactor authentication is that the user provides at least two different factors - something the user has, such as a token; something the user knows, such as a password; and something the user is, such as a fingerprint. In the case of tokens such as SecurID, the factors are what the user has and knows. But users jittery about the security of the has factor could substitute it with the is factor, such as an image of the eye's iris or the sound of a voice.

The enterprise security expert points out that many users own smartphones that, with the right, inexpensive software, can scan an iris or record a voice to produce biometrics that can be employed for authentication. It's not something that can be easily copied from a forensic perspective. Biometrics are a strong play, and they're gaining a lot more acceptance in the industry. What do you think?

No comments: