Give passwords the finger

May 2017 Financial (Industry), Access Control & Identity Management

Biometrics in its many forms has become standard in many organisations, especially for access control and time and attendance (T&A) functionality. But biometrics can be used for much more.

In a few companies, fingerprint biometrics is also being used to control which employees have access to sensitive areas and sensitive functions where rogue employees are able to fiddle with a company’s finances. Yet, most companies still rely on passwords and ‘traditional’ virtual access control methods to protect bank accounts and accounting packages (and for virtual access on the whole) – most of them without managing the passwords people use or how they go about remembering them.

A few companies have taken the plunge and now use fingerprint biometrics to control access to their premises as well as their virtual premises. Instead of logging on with a password, a swipe of the finger is all it takes. Perhaps the growth of fingerprint access on smartphones has made people more aware of the possibilities.

Yet, despite the obvious security benefits of biometrics, many companies have no plans to change their operational systems to incorpor-ate them, even in sensitive positions. Hi-Tech Security Solutions asked ViRDI SA’s Deon Janse van Rensburg for his take on why this is happening despite the growing global awareness of fingerprint biometrics.

Janse van Rensburg says that he is finding more companies enquiring about the convergence between physical and virtual access control systems. However, the enquiries seldom turn into a rollout. He says there are two main issues preventing virtual biometric access from becoming mainstream: cost and an understanding of how these systems work.

“Any converged system becomes an expensive capex exercise due to the complexity of the system, resulting in many man-hours in configuration and training,” Janse van Rensburg explains. “Users rarely have an idea of this complexity and rarely understand the impact that the deployment of such a solution will have on their businesses from a capex, administration, maintenance, infrastructure layout and IT infrastructure point of view.

“I call it the ‘Hollywood Effect’ and many other disciplines are experiencing the same where expectation rarely meets reality.“

More secure access?

Janse van Rensburg is clear that biometrics does add to the level of security. “As any IT security specialist will tell you, passwords to access computer systems are predictable due to users using passwords that they can remember and that are familiar to them. I recently read an article that provided examples of such predictable passwords which include names of pets, family members, birthdays etc.

“Another issue is that passwords are shared with other people, rendering the security features virtually useless. With fingerprint biometrics and the way the extraction technologies work, this becomes exponentially more difficult as fingerprint templates are extremely complex and should be encrypted to an AES standard.”

Additionally, he notes that since the same optics and algorithms are used for both physical and virtual access control, the virtual systems are as secure as the systems being used for access control and T&A. “The challenge is that physical access control systems, i.e. the biometric terminals, are very rarely the object of targeted malicious software and hacking attacks. This is where the difference lies, virtual systems are under constant hacking attacks and the safeguarding thereof cannot be handled by the biometric devices. If the network security can be breached then the system is vulnerable.”

ViRDI’s virtual access devices

When it comes to the options customers have from ViRDI for virtual access, Janse van Rensburg says the company supplies various PIV/AFIS types of devices – dependent on the application. “Normally we would supply our FOH02 USB reader, but if the client has the requirement for FBI approved PIV/iAFIS devices they would be looking at the FOH04 and V-ScanFB series of devices.

“Our off-the-shelf software is actually a combination of packages. V-Bioguard interacts with Active Directory and replaces the password functionality with fingerprints. It provides a GUI for rights assignment, monitoring and reporting functionality. The second portion of the software solution is the MASS-Server, which allows the identification of a 1:1 000 000 (1:N) fingerprints in under 1 second.”

For more information contact ViRDI Distribution, +27 (0)11 454 6006, deon@virditech.co.za, www.virditech.co.za


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

HID addresses identification challenges at ID4Africa
August 2019 , News, Access Control & Identity Management, Government and Parastatal (Industry)
Being able to verify people’s identities is critical for a nation’s growth and prosperity and yet HID says nearly half of all African citizens can’t prove who they are to vote, travel freely and receive government benefits and services.

Read more...
Came acquires Turkish company Özak
August 2019, CAME BPT South Africa , News, Access Control & Identity Management
Came broadens its market horizons and signals growth and consolidation in the Middle East.

Read more...
MorphoAccess Sigma Extreme
August 2019, IDEMIA , Products, Access Control & Identity Management
MorphoAccess Sigma Extreme from IDEMIA is a touchscreen device with multiple recognition device interfaces (NFC chip reader, PIN and BioPIN codes, contactless card readers).

Read more...
MorphoWave Compact
August 2019, IDEMIA , Products, Access Control & Identity Management
The MorphoWave Compact captures and matches four fingerprints on either the right or left hand in any direction. It is robust to environmental factors such as extreme light or dust.

Read more...
MorphoAccess Sigma Lite
August 2019, IDEMIA , Products, Access Control & Identity Management
IDEMIA’s MorphoAccess Sigma Lite and Lite + are fingerprint access control terminals, offering time and attendance in and out function keys.

Read more...
Eliminating forced gate opening scenarios
August 2019, ET Nice , Home Security, Access Control & Identity Management
When activated by the gate forced open alarm feature, the transmitter transmits a wireless alarm signal up to 750 metres in any direction.

Read more...
Delta Scientific prevents two vehicle attacks
August 2019 , Editor's Choice, Access Control & Identity Management, Security Services & Risk Management
Two vehicular attacks that occurred eight days apart at the Mayport Naval Station were stopped, the preventing both intruders from penetrating the site.

Read more...
Child fingerprint identification solution
July 2019 , News, Access Control & Identity Management
Gavi, NEC, and Simprints to deploy world’s first scalable child fingerprint identification solution to boost immunisation in developing countries.

Read more...
Versatile electronic lock cylinders
July 2019, Salto Systems Africa , Products, Access Control & Identity Management
Fully integrated with the SALTO System’s Space and SALTO KS platforms, the new Geo range of electronic cylinders are compact in size, making them a suitable solution for almost any type of door.

Read more...
SIA talks open APIs at ID4Africa
July 2019 , Editor's Choice, Access Control & Identity Management, Integrated Solutions
Pioneering industry-first open standards initiative from the Secure Identity Alliance assures interoperability for sovereign ID programmes and promises to eliminate vendor lock-in.

Read more...