Goodbye to Passwords: the Future is Biometric


The new frontier: biometric access

Until a few years ago, authenticating online was trivial: a username and a password, more or less complex, were enough to access services or to unlock our technological devices. Anyone who knew them could access an account easily and immediately. The Internet population was contained, connectivity was limited and, above all, threats were low risk. Today, username and password are no longer a secure way to authenticate.
For a few years now, in fact, the person, with the morphological and behavioral characteristics that distinguish him, has returned to the center of authentication mode: this is the case of biometric recognition, which is based on the analysis and comparison of the traits of each individual such as fingerprint, voice or facial parameters.

To deal with today’s cybersecurity problems, it is necessary to rely on biometrics, as a password, however long and complicated, alone is not sufficient to guarantee adequate security. If security is entrusted to a binary process (user ID and password) it is easy for cybercriminals to gain access to the data. Most platforms allow multiple login attempts before completely blocking. For computerized systems it is not that difficult to guess a password. Furthermore, it is not true that a long password is more difficult to guess than a short one. It is the complexity of combining numeric, alphanumeric and special characters that determines the security of a password. Few can conceive and remember dozens of them.

The solution is to add a level of difficulty, adding to the binary process the need to prove one’s identity. It can be done with two-factor authentication or biometrics. Two-factor authentication bases its existence on the union of something the user knows and something the user physically possesses. Respectively the password and a device (smartphone, RFID token or other). In practice, in addition to the ID and password, you must also enter a code received via email, SMS or created by a specific app. A solid idea but one that many find inconvenient and don’t use.

The advantages of biometrics

Biometrics are therefore actually more effective in protecting users’ personal information and data. This system also features several practical advantages. The first advantage of this solution lies in its simplicity. There is no waiting time for the SMS or the need to open an app. Just place your fingertip on the sensor or position yourself in front of the camera. The second advantage is that biometrics are unique characteristics of a person. They cannot be stolen or modified. Furthermore, they are always in the possession of the individual. It is not necessary to remember or save passwords and PINs. Last but not least, biometrics act in real time and allow immediate recognition. This is why biometric verification is used by almost all service providers and companies to meet high security standards.

The functioning of the different types of biometric identification

But how do the different ones work specifically types of biometric identification? In terms of security they are not all the same:

  • Fingerprint recognition: Fingerprints are used to identify people: a finger is enough to unlock the smartphone or to access reserved services, for example in banking. Practical and quick, this solution is not, however, free from risks. Usually readers aimed at consumers store only a part of the fingerprint and compare it with a further partial fingerprint: if they analyzed it in its entirety, they would not be able to guarantee the same fluidity and speed. As a result, it’s easy for bad actors to create fake fingerprints that confuse the system.
  • Facial recognition: Facial recognition in the most futuristic predictions will make ID cards, passports and tickets obsolete. However, its use raises important questions in terms of privacy. The European Commission recently announced a crackdown on facial recognition – except in exceptional cases – when used in activities carried out in places accessible to the public. This is because its use could be invasive towards fundamental rights, in particular human dignity, respect for private and family life, protection of personal data and non-discrimination.
  • Voice recognition: it can be used to access, in complete safety, services that require a high level of privacy, for example in the banking, insurance or healthcare sectors. When used “live”, voice biometrics has a key advantage: no information is stored or retained on mobile devices. Furthermore, the human voice is also more complex to imitate perfectly than, for example, a fingerprint.

The new technology: Passkey

To support this type of IT security, one was born new technology called Passkey. An unusual collaboration between Google, Microsoft and Apple, announced in May 2022, led the three companies to adopt and integrate a standard defined by the FIDO Alliance, an industry consortium founded in 2013 with the aim of developing and disseminating alternative and more secure authentication solutions compared to traditional passwords.
Passkeys, through the use of biometric security systems, allow users to access their accounts from multiple devices. To put it very simply, they work thanks to the coupling between a public key, which the service we want to access can keep on its servers without any risk, and a private key which instead remains protected within our devices. Thanks to the public key, the service generates a “secret message”, which the private key can decrypt, proving the user’s identity in the process. The big advantage arises from the fact that, unlike passwords, passkeys cannot be intercepted, because the private key never leaves the device.

THE The first company to adopt Passkey was Applewith the introduction of new operating systems for iPhone, iPad and Mac launching in September and October 2022. Google plans to make the necessary tools for implementing passkeys available later this year. Microsoft, however, has announced that Apple passkeys are already compatible with the Microsoft Hello system for accessing the web and that they will soon be able to be used to access a Microsoft account via both iOS and Android devices.

Although much more secure than passwords, Passkeys do not completely eliminate the risks associated with accessing online services. The burden of authentication now shifts entirely to biometric device authentication systems. In any case, thanks to this technology the level of security has increased and the problem of phishing could definitively disappear.

In addition to learning to create more complex and secure passwords, entrepreneurs and professionals can safeguard their profession and their data by adopting a Cyber ​​Risk policy. This coverage allows the insured to protect himself from cyber attacks and the resulting expenses and losses of data and confidential information. Furthermore, this coverage provides expert intervention for the recovery of lost data and decontamination from any malware. All these are services included in the Smart version, which has a maximum limit of up to €25 thousand. Lokky also offers its customers the possibility of taking out a Top version of the policy, which provides for an increase in the limit up to €250 thousand and the inclusion of numerous additional guarantees, including a daily allowance for business interruption and coverage of expenses for restoring the company’s image.

latest posts published

Lokky, the Italian data driven insurtech for professionals and SMEs

Lokky, the Italian data driven insurtech for professionals and SMEs

EconomyUp interviews Paolo Tanfoglio and Sauro Mostarda, Co-founder and CEO of Lokky Awarded as 'Best ...
An ally for cyber security: Load Balancing

An ally for cyber security: Load Balancing

Having a fast, high-performance and reliable website is a non-negligible aspect for those who have ...
Business Trend 2023 for SMEs, professionals and commercial activities

Business Trend 2023 for SMEs, professionals and commercial activities

The main trends of 2023 that you will need to consider in your business Digital ...
Occupational risks for pastry shops

Occupational risks for pastry shops

The pastry chef's activity involves the production of confectionery products, from the preparation of the ...
How to read a pay slip

How to read a pay slip

In collaboration with our partner F2Dwe decided to delve deeper into the elements that make ...
What are the most common cyber risks and how to protect yourself

What are the most common cyber risks and how to protect yourself

“Houston, we have a problem."Who doesn't know the words of Jack Swigert, pilot of the ...
Clinical Risk: What it is and What are the consequences

Clinical Risk: What it is and What are the consequences

In recent years, the responsibility of healthcare facilities has increased significantly and with this also ...
Commercial activities most affected by theft

Commercial activities most affected by theft

Theft, shoplifting and armed robberies are a plague for Italian traders. In Europe, Italy is ...
October is European Cyber ​​Security Month

October is European Cyber ​​Security Month

October is the European month dedicated to cybersecurity, a good opportunity to acquire new awareness ...
Estimating cyber risk: importance and difficulties encountered

Estimating cyber risk: importance and difficulties encountered

The biggest challenge regarding cyber security is to estimate cyber risk in a credible, sustainable ...

Leave a Reply

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *