Give passwords the finger
May 2017, Financial (Industry), Access Control & Identity Management
Biometrics in its many forms has become standard in many organisations, especially for access control and time and attendance (T&A) functionality. But biometrics can be used for much more.
In a few companies, fingerprint biometrics is also being used to control which employees have access to sensitive areas and sensitive functions where rogue employees are able to fiddle with a company’s finances. Yet, most companies still rely on passwords and ‘traditional’ virtual access control methods to protect bank accounts and accounting packages (and for virtual access on the whole) – most of them without managing the passwords people use or how they go about remembering them.
A few companies have taken the plunge and now use fingerprint biometrics to control access to their premises as well as their virtual premises. Instead of logging on with a password, a swipe of the finger is all it takes. Perhaps the growth of fingerprint access on smartphones has made people more aware of the possibilities.
Yet, despite the obvious security benefits of biometrics, many companies have no plans to change their operational systems to incorpor-ate them, even in sensitive positions. Hi-Tech Security Solutions asked ViRDI SA’s Deon Janse van Rensburg for his take on why this is happening despite the growing global awareness of fingerprint biometrics.
Janse van Rensburg says that he is finding more companies enquiring about the convergence between physical and virtual access control systems. However, the enquiries seldom turn into a rollout. He says there are two main issues preventing virtual biometric access from becoming mainstream: cost and an understanding of how these systems work.
“Any converged system becomes an expensive capex exercise due to the complexity of the system, resulting in many man-hours in configuration and training,” Janse van Rensburg explains. “Users rarely have an idea of this complexity and rarely understand the impact that the deployment of such a solution will have on their businesses from a capex, administration, maintenance, infrastructure layout and IT infrastructure point of view.
“I call it the ‘Hollywood Effect’ and many other disciplines are experiencing the same where expectation rarely meets reality.“
More secure access?
Janse van Rensburg is clear that biometrics does add to the level of security. “As any IT security specialist will tell you, passwords to access computer systems are predictable due to users using passwords that they can remember and that are familiar to them. I recently read an article that provided examples of such predictable passwords which include names of pets, family members, birthdays etc.
“Another issue is that passwords are shared with other people, rendering the security features virtually useless. With fingerprint biometrics and the way the extraction technologies work, this becomes exponentially more difficult as fingerprint templates are extremely complex and should be encrypted to an AES standard.”
Additionally, he notes that since the same optics and algorithms are used for both physical and virtual access control, the virtual systems are as secure as the systems being used for access control and T&A. “The challenge is that physical access control systems, i.e. the biometric terminals, are very rarely the object of targeted malicious software and hacking attacks. This is where the difference lies, virtual systems are under constant hacking attacks and the safeguarding thereof cannot be handled by the biometric devices. If the network security can be breached then the system is vulnerable.”
ViRDI’s virtual access devices
When it comes to the options customers have from ViRDI for virtual access, Janse van Rensburg says the company supplies various PIV/AFIS types of devices – dependent on the application. “Normally we would supply our FOH02 USB reader, but if the client has the requirement for FBI approved PIV/iAFIS devices they would be looking at the FOH04 and V-ScanFB series of devices.
“Our off-the-shelf software is actually a combination of packages. V-Bioguard interacts with Active Directory and replaces the password functionality with fingerprints. It provides a GUI for rights assignment, monitoring and reporting functionality. The second portion of the software solution is the MASS-Server, which allows the identification of a 1:1 000 000 (1:N) fingerprints in under 1 second.”
For more information contact ViRDI Distribution, +27 (0)11 454 6006, firstname.lastname@example.org, www.virditech.co.za