- Clear here to download the original properly formatted document.
- Authentication is one of the greatest methods we have in protecting data and networks. There has always been authentication methods around, even hundreds of years ago when it may have been someone whispering a simple password. Today, without ever-growing technologies, authentication is as important as ever due to the nature of data and information we carry. We continue to search for the ultimate method of authentication, but there is a line we must walk. We never want to make it overly complicated for users, but it does need to be complex. In this piece, I discuss the various methods we use now and possible methods we could use in the future.
In this age, authentication is a huge security concern and yet we mostly live off of the old idea of using passwords to log in to our accounts. Why do we do this? Because it’s still a rather strong method but it carries its flaws. The problem usually isn’t at home though where access your personal accounts such as banking or online shopping sites. Those are up to the user and they can generally choose whatever they want in a simplistic form that’s easy to remember or something very complex. Whether or not this password gets figured out relies totally on them. But the method itself still works. However, when dealing with major networks, organizations, and jobs, this method can become difficult as simplistic passwords just can’t be used a lot of the time. And, in fact, there are requirements for what a password should contain (capital letters with lowercase and numbers). Not only that, but depending on the scenario, these passwords will probably need changed every so often where the administrator sees fit. This causes massive strain and forgetfulness on the end user who may be juggling a bunch of other things and keeping up with a complex password just is too much. You could write it down, but then there is a chance that it may get stolen.
Options and Changes
The password method and many other forms of authentication have been in use forever. But now, it’s more complex and more needed because we are all connected. This is why we constantly search for new ways to authenticate everyone. Ways that won’t require insane complexities that will actually hurt security in the long run. Ways that will make it easier for everyone but at the same time, allow a much stronger system that will prevent hacker to gain entry using it. Nothing will be 100% safe, but we can certainly make things better and more challenging.
One of my favorite types of authentication to learn about is Biometrics. This is the thing that Sci-Fi dreams were made of a long time ago. You still see it now, but back then who would have thought all of those crazy things seen in movies or read in books would have ever been possible? Facial scanning? Fingerprint identification? Voice matching? It’s crazy and it’s a real form of modern authentication. Even a lot of laptops have the options for fingerprint scanning to log into the system on a consumer level. What makes this so great though?
Well, for starters, it is unique. Let’s think of a simple setup where it isn’t a matter of inputting anything besides some part of you. We’re all different and that’s one thing that other authentication methods can’t match – the vast difference. We learn as we grow up that our fingerprints are never the same as another person. So, if you were to have a setup where someone simply put their fingerprint on a scanner and it recognized it as that user then bam, simple login process that is pretty secure and doesn’t require any complexities. The same can be said for other biometric methods such as being able to scan your entire face or even your retina. So you go up to a device, it scans your eye or face in quite detailed form and you’re authenticated: A very simple procedure that we’ve been seeing in Hollywood movies for a long time. Even voice recognition is a huge feature in many devices today and not just for authenticating. Although that type of recognition is for any voice and is only meant to recognize the words we’re speaking to do commands or type it out. It still needs a lot of work, but the technology is amazing. So this technology, if used to actually match the tone of your voice while you speak a phrase, perhaps a password, is another interesting authentication method via biometrics.
Okay, so that’s all fun and is rather simple, but it’s too simple. So let’s add a bit more depth to that with something you know or have. Maybe you have to punch in a pin number before a biometric-themed authentication. That gives you two layers and is still relatively simple as a pin number usually is only a few digits and is not difficult to remember. Or maybe you can use some type of card that you swipe before the biometric method kicks in. This card would contain information (like a credit card) that’s only related to your login. This is still not complex at all and doesn’t even require you to remember anything. Of course, what if you used all three layers? This could get tedious, but the layers still wouldn’t be too bad or complex. As an example, what if you first swiped a card that then asked you for a pin number and after you punched that in, it would complete the authentication by a biometric method. We already do 66% of that method when we use our debit or credit cards at an ATM or a store. You swipe it, enter your pin, and the process is complete. So I don’t see how using all three would be complicating things too much.
While I love biometrics and I do think they are a great way of simplifying authentication while making it difficult for hackers, they aren’t full proof. For one thing, some of the technology itself still needs worked out better. Voice recognition is good, but it’s far from perfect. Ever tried using it to type something out or to issue commands and it gets it wrong? It happens, and we all speak differently whether that be slow, fast, high or low pitched, slurs, accents etc. There’s a lot of different ways to speak and it doesn’t make the voice recognition easy. Also, and this is where voice authentication can be the easiest hack for biometrics, it is so easy to record someone’s voice and reuse it. And what about people who are very good at doing impersonations? Would you want someone like the president to use voice recognition? Everyone always tries to impersonate their voices for amusement or other things and some are very good at it.
I do believe that voice biometrics would be the easiest to replicate, the others have methods that could bypass the security as well. It’s been said in the book and I recall seeing elsewhere that people could create molds out of your fingerprints. Since we leave our fingerprints on nearly everything we touch, getting a copy of that isn’t hard to do. However, is it really easy to create a perfect model from it? I think that it would be pretty difficult but I can see it happening on rare occasions. Still, I feel it can be a solid biometric method when added with a second layer of defense because this physically requires your finger to do so. I would say the same for something like facial scanning but I think that can be much easier faked. Our world today has all the latest and greatest in tech. I see people who professionally use printers to create their own art designs in many different styles for use in professional galleries and to even sell. In order for this to happen, the print quality would have to be studio quality, and yes, that quality is possible from home. So what is stopping someone from creating a perfect life-size photo of you and somehow tricking the authentication? It can happen and with all the social networks and various websites out there that we involve ourselves with while sharing pictures, it wouldn’t be difficult to grab a good picture to replicate. Picture quality itself may lose something if blown up too much but then we have all the designer programs with all kinds of tricks to make things look excellent. Not to mention that cameras and even cell phones have high megapixel counts that output very high quality photos.
Are biometrics the future and the best way of authenticating users? It’s an excellent question and I think someday we will see it used more heavily and in more places. It was only three to four years ago when the Greenhouse I was working at installed the palm reading device for people to clock in and out. And that was a bit of an obscure place to use it, at the time… at least I thought so. I just think there are a lot of quirks to work out and nothing is perfect just yet, at least with certain methods such as voice matching or facial scanning. It’s a much easier method that shouldn’t bother users too much as can be the case with current methods that overload people with stuff they can’t remember or forget. If we can work out the quirks and make it up to par and figure out proper counterattack measures for would be attackers, then I can see it being a reliable and accepted method of authentication especially if we add a layer or two of defense such as a pin or a card. It’s a formidable method that can work in our favor if done properly.
Zelika, Z.(February 26th, 2010). Pros and cons of biometric authentication. Retrieved from http://www.net-security.org/secworld.php?id=8922
Kay, R.(April 4th, 2005). QuickStudy: Biometric authentication. Retrieved from http://www.computerworld.com/s/article/100772/Biometric_Authentication