Give passwords the finger

May 2017 Financial (Industry), Access Control & Identity Management

Biometrics in its many forms has become standard in many organisations, especially for access control and time and attendance (T&A) functionality. But biometrics can be used for much more.

In a few companies, fingerprint biometrics is also being used to control which employees have access to sensitive areas and sensitive functions where rogue employees are able to fiddle with a company’s finances. Yet, most companies still rely on passwords and ‘traditional’ virtual access control methods to protect bank accounts and accounting packages (and for virtual access on the whole) – most of them without managing the passwords people use or how they go about remembering them.

A few companies have taken the plunge and now use fingerprint biometrics to control access to their premises as well as their virtual premises. Instead of logging on with a password, a swipe of the finger is all it takes. Perhaps the growth of fingerprint access on smartphones has made people more aware of the possibilities.

Yet, despite the obvious security benefits of biometrics, many companies have no plans to change their operational systems to incorpor-ate them, even in sensitive positions. Hi-Tech Security Solutions asked ViRDI SA’s Deon Janse van Rensburg for his take on why this is happening despite the growing global awareness of fingerprint biometrics.

Janse van Rensburg says that he is finding more companies enquiring about the convergence between physical and virtual access control systems. However, the enquiries seldom turn into a rollout. He says there are two main issues preventing virtual biometric access from becoming mainstream: cost and an understanding of how these systems work.

“Any converged system becomes an expensive capex exercise due to the complexity of the system, resulting in many man-hours in configuration and training,” Janse van Rensburg explains. “Users rarely have an idea of this complexity and rarely understand the impact that the deployment of such a solution will have on their businesses from a capex, administration, maintenance, infrastructure layout and IT infrastructure point of view.

“I call it the ‘Hollywood Effect’ and many other disciplines are experiencing the same where expectation rarely meets reality.“

More secure access?

Janse van Rensburg is clear that biometrics does add to the level of security. “As any IT security specialist will tell you, passwords to access computer systems are predictable due to users using passwords that they can remember and that are familiar to them. I recently read an article that provided examples of such predictable passwords which include names of pets, family members, birthdays etc.

“Another issue is that passwords are shared with other people, rendering the security features virtually useless. With fingerprint biometrics and the way the extraction technologies work, this becomes exponentially more difficult as fingerprint templates are extremely complex and should be encrypted to an AES standard.”

Additionally, he notes that since the same optics and algorithms are used for both physical and virtual access control, the virtual systems are as secure as the systems being used for access control and T&A. “The challenge is that physical access control systems, i.e. the biometric terminals, are very rarely the object of targeted malicious software and hacking attacks. This is where the difference lies, virtual systems are under constant hacking attacks and the safeguarding thereof cannot be handled by the biometric devices. If the network security can be breached then the system is vulnerable.”

ViRDI’s virtual access devices

When it comes to the options customers have from ViRDI for virtual access, Janse van Rensburg says the company supplies various PIV/AFIS types of devices – dependent on the application. “Normally we would supply our FOH02 USB reader, but if the client has the requirement for FBI approved PIV/iAFIS devices they would be looking at the FOH04 and V-ScanFB series of devices.

“Our off-the-shelf software is actually a combination of packages. V-Bioguard interacts with Active Directory and replaces the password functionality with fingerprints. It provides a GUI for rights assignment, monitoring and reporting functionality. The second portion of the software solution is the MASS-Server, which allows the identification of a 1:1 000 000 (1:N) fingerprints in under 1 second.”

For more information contact ViRDI Distribution, +27 (0)11 454 6006, [email protected], www.virditech.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Deposita's Digitisor SmartPOS devices can grow your business
Deposita Financial (Industry) Asset Management, EAS, RFID
The Digitisor N910 Pro and N700 SmartPOS devices are suited for SMME retailers and suppliers looking to enhance their customer payment experience.

Read more...
Suprema renews international privacy and security standard certifications
Suprema News Access Control & Identity Management
Suprema has simultaneously renewed two important international standard certifications regarding information security management (ISO/IEC 27001) and privacy information management (ISO/IEC 27701).

Read more...
SuperVision biometric access control
Integrated Solutions Access Control & Identity Management Products
SuperVision is a time & attendance (T&A) biometric access control system Fourier IT has been developing and enhancing for 18 years.

Read more...
The $600 000 question
Cyber Security Security Services & Risk Management Financial (Industry)
Usman Choudhary, chief product officer of VIPRE Security Group, advises companies to do the basics to protect themselves before looking for cyber insurance.

Read more...
Biometrics deliver added benefits to residential estates
IDEMIA Residential Estate (Industry) Access Control & Identity Management
For years, South African estates have enjoyed the convenience and security of contact biometric technologies, and now they have evolved to offer contactless options for more than access control.

Read more...
Redefining access control in the commercial sector
Axis Communications SA Commercial (Industry) Access Control & Identity Management
Technology is key to keeping assets and personnel safe and secure, especially in the face of concern surrounding proposed new trespassing laws.

Read more...
SALTO launches integrated Technology Partner Programme
Salto Systems Africa News Access Control & Identity Management Commercial (Industry)
SALTO Systems has announced it is offering other technology leaders the opportunity to partner with it for an integrated and improved customer offering.

Read more...
Suprema launches BioStation 3
Suprema neaMetrics Editor's Choice Access Control & Identity Management News Products
Suprema has launched BioStation 3, a contactless access control terminal specialised for facial recognition in the post-Covid era.

Read more...
Better process control and audit reporting from Traka
Traka Africa News Access Control & Identity Management Asset Management, EAS, RFID Commercial (Industry)
Traka has announced it will be launching its next-generation key management systems in 2023, providing enhanced security, serviceability and traceability.

Read more...
eCommerce losses to online payment fraud to exceed $48 billion
Editor's Choice News Security Services & Risk Management Financial (Industry)
A new study from Juniper Research has found that the total cost of eCommerce fraud to merchants will exceed $48 billion globally in 2023, up from just over $41 billion in 2022.

Read more...