Identifiers and authenticators are the most essential elements for verifying user access rights. A potentially unlimited number of people may know your identifier, since it is often the same as your email address. Authenticators, on the other hand, are kept secret, which makes them the most common target for cyberattacks. Intruders who gain access to authentication data get an opportunity to secretly engage in malicious activity on behalf of legitimate users.
Most authentication systems still rely on passwords (secret words). This means that they remain vulnerable to password-cracking and social engineering techniques. Moreover, if a password is stolen, you are unlikely to detect this until an explicit security breach has occurred.
Specialized strong authentication technology based on relevant software and devices (tokens, smart cards, one-time password generators, smartphone apps, etc.) should be sufficient to counter the threats and issues related to password-based authentication.
These IT solutions can counter most threats associated with identification and authentication systems. Yet, we should always keep in mind that for criminals, the bottom line is their potential financial gains. Whenever large amounts of money are at stake, intruders will stop at nothing to try and gain access to critical data (trade secrets, financial statements, control consoles for critical processes, etc.). They may even come up with criminal schemes to obtain passwordless authenticators by stealing hardware tokens, compromising certificate authorities that issue certificates, etc.
The data and IT infrastructure segments that may have high value in the eyes of intruders require the most effective information protection technology.
Biometric systems are the best tools for ensuring effective strong authentication at a top security level. Their key advantages over password-based systems and other solutions relying on hardware tokens or digital certificates are listed below.
- Your authenticators cannot be compromised since it is impossible to steal or publish the physiological and behavioral characteristics of your employees. Modern biometric systems are highly accurate and can detect most attempts to use a fake biometric authenticator.
- The risk that your authenticators may get damaged is quite low since users are most likely to treat their own body with more care compared to any hardware token.
- Users no longer need to remember secret information or carry a special device. A person’s biometric characteristics are an inherent part of them, so they are always at hand.
In other words, when biometric authentication is used for protecting confidential information, access to such information will require the physical presence of a given user.
Successful deployment of a biometric authentication system calls for its integration with existing corporate services and applications.
The optimal solution would be to use biometric scanners in combination with the Two-Factor Authentication (2FA) Provider and Enterprise Single Sign-On (ESSO) solutions. This software suite will provide you with an authentication system that cannot be bypassed and supports biometric authentication across all corporate services and applications.
Successful integration of biometric authentication solutions with your IT infrastructure is not limited to simply purchasing biometric scanners. The main reason for this is that software supplied together with the popular models of biometric scanners will aim to protect your workstation as a whole (at the operating system level) rather than individual target applications that your management may consider most essential for the company.
This means that if you don’t have additional software enabling biometric authentication for desktop and web applications, then your security system may prove inadequate for handling relevant cyber threats. The main reason here is that applications would use vulnerable passwords for authentication.
Indeed AM is a software and hardware system providing centralized identity management policies and a universal authentication technology for all corporate services with the use of biometrics.
Indeed AM supports the following biometric authentication technologies:
- Palm vein pattern
- Face geometry (2D and 3D)
Each of these solutions has its own strong and weak points listed in the table below.
| | Fingerprint | 2D face | 3D face | Palm vein pattern |
|---|---|---|---|---|
| Recognition accuracy | High | Medium | High | Very high |
| Complexity of making a dummy | High | Low | Medium | Very high |
| Costs (equipment and licenses) | Medium | Low | Medium | High |
| Hygiene | Low (contact sensor) | Very high | Very high | Medium (touchless sensor with a palm rest) |
| Error resistance (dirt, skin cuts, etc.) | Low (good skin condition required for fingers) | Medium (good lighting required) | Very high | Very high |
The Enterprise Single Sign-On module enables integration of a biometric authentication system with individual applications even if your target service does not support any authentication scenarios other than password protection.
Moreover, you can use the Indeed AM platform to set up individual authentication scenarios (including biometric options) for each individual desktop or web application. In this case, users do not even need to know their password; all passwords will be stored in the Indeed AM secure vault. This means that Indeed AM cannot be bypassed for any type of authentication.
The platform has an additional advantage in that it supports integration with Physical Access Monitoring and Control Systems (AMCS). You will have the option to use the same biometrics for both logical access to information resources and physical access to the company premises.
- Active Directory
- Workstations running Microsoft Windows
- Windows desktop applications
- Web applications on Windows-based workstations
Static biometric identification and authentication technology
- Palm vein pattern
- Face geometry (2D and 3D)
Biometric scanner models
- Fujitsu PalmSecure (palm vein pattern)
- Intel RealSense (3D face)
- BioSmart PalmJet (palm vein pattern)
- Futronic FS-80 (fingerprints)
- Full HD web cameras by any manufacturer (2D face)
Third-party security solution integration
- Workstation security solutions (Secret Net Studio)
- Permission and user account management solutions: Solar inRights, 1IDM, Cube, Microsoft FIM, and IBM Tivoli Identity Manager
- Solutions for information security event monitoring and correlation: SIEM solutions
- Access monitoring and control solutions: Bastion, Orion (Bolid), and TSS AMCS (Seven Seals)