How do you stop hackers? Biometrics, say experts
With hackers seemingly running rampant online and millions of users compromised, efforts for stronger online identity protection - mainly using biometrics - are gaining momentum.
Biometrics, which can include fingerprints, iris scans, facial or voice recognition and other methods, got a major boost with Apple's introduction of its iPhones with Touch ID. Samsung followed with its own fingerprint scanner and Qualcomm recently unveiled its 3D fingerprint technology incorporated in the chips used in many mobile devices.
From major tech firms such as Google, Microsoft and Yahoo to US cybersecurity officials, consensus is growing that the simple password, often the weak link in security breaches, needs to be replaced.
Tens of millions of passwords have been stolen in breaches of major retailers and banks including Target, Home Depot and JPMorgan Chase. Password theft is a key element in identity theft, the biggest source of fraud complaints in the US.
And a survey of large corporations using mobile commerce by RSA and TeleSign found around three per cent of revenue lost due to fraud.
Biometrics are likely to be a major part of any new identity verification effort, says Ramesh Kesanupalli, vice-president of the standard-setting Fast IDentity Online Alliance (Fido), which now has more than 170 members, including makers of hardware, software and financial firms.
Kesanupalli says that even solutions that add verification on top of a password are not as robust as biometrics.
"If you don't eliminate dependency on the password you're not solving the problem, you are only treating the symptom," Kesanupalli says.
He says fingerprint identification made major strides with the iPhone, and that other technologies such as facial recognition are still being improved.
Apple, in a "master stroke", used a fingerprint ID on the home button which is already used to activate the phone, Kesanupalli says. That means consumers don't need encouragement or special training to use it. Additionally, e-commerce firms can piggyback onto the phone's authentication to allow for more secure transactions.
And significantly, the Apple fingerprint is stored only on the device, so there is no database to be hacked.
International Data Corp says some 15 per cent of mobile devices will be accessed with biometrics in 2015, and the number will grow to 50 per cent by 2020.
Yahoo, for one, is developing new security that will eliminate passwords, according to its chief information security officer Alex Stamos.
"We strongly believe at Yahoo that we need to get rid of passwords and that users need to move to other ways of communication," Stamos says, noting that new login credentials will be forthcoming.
Acuity Market Intelligence, meanwhile, projects that, by 2020, global mobile biometric market revenues will reach US$33.3 billion, including biometrically enabled mobile devices, apps and software for payments.
But not everyone in the tech world sees biometrics as the solution to security problems. "If you have a credit card that gets compromised you can get a new credit card, but what do you do if your iris or your fingerprints get compromised?" says Sascha Meinrath, head of the New America Foundation's X-Lab studying new technologies. Meinrath says there have already been successful efforts to fake someone's fingerprint, which "presents an entire new realm of security problems".
Stephanie Schuckers, head of the Centre for Identification Technology Research, says recent research has focused on "liveness detection" to guard against faking fingerprints or other biometrics. "This would ensure that the real biometric recognises a fake fingerprint," she says.