Learn the problem with facial recognition as well as software and hardware alternatives to the technology.
The recent shift to remote work has created a sizable dilemma for IT departments responsible for security. With work computers and users now scattered all across the country, it creates problems that simply didn’t exist when workers were mostly confined to a centralized office.
At the core of this problem is the need for authentication across devices that provide adequate security but also are non-intrusive and easy for users to use regularly.
Many companies have considered facial recognition technology to authenticate users and access. But recent trends show facial recognition falling out of favor with many employees.
SEE: Artificial Intelligence Ethics Policy (TechRepublic Premium)
We’ll look at why companies are concerned about facial recognition as well as some alternatives that are both secure and friendly towards employees’ concerns.
Facial recognition started as a seemingly superb way to authentic user access to sensitive data. It required very little effort on the part of users, and for the most part, it was considered secure.
More recently, employees are finding facial recognition to be intrusive. With concerns about how such highly personal biometric data is both stored and shared, it has caused employees to ask whether the trade-offs benefit them.
There are also concerns with reliability. When users are incorrectly locked out, they often have no recourse to resolve the situation on their own via various reset methods. This creates burdens for IT departments which must now deal with these issues.
The most common alternative to facial recognition would be two-factor authentication using an app such as Authy or Google Authenticator. This approach removes the need for any biometric data as the only forms of authentication needed are a password and a token provided by the 2FA app.
Many 2FA options can be combined with single sign-on technology to make it much easier for users as they move across different access points within a network.
Software solutions like Duo from Cisco can be used so users only need to authenticate one time as they move between platforms or even devices. Duo integrates SSO and 2FA to streamline authentication, and many corporations such as Etsy, Eventbrite and more are currently implementing this technology.
This approach can also be more secure than the single authentication method that facial recognition provides. Another benefit is that users have some control over recovering their own passwords or authenticator apps should there be a problem. This can lessen the burden on IT departments that would otherwise need to handle these tasks.
For higher security and flexibility, multi-factor authentication solutions are an alternative to facial recognition as well. With MFA software solutions like Okta, customized policies can be made for users to choose two or more authentication methods out of several. This allows for varied authentication methods that also include biometrics such as facial recognition if desired.
For some companies which have already implemented facial recognition or have compliance requirements that include facial recognition, this approach allows them to still meet those while allowing other users less stringent access.
Overall, MFA solutions allow for customized authentication options that fit almost any situation while remaining incredibly secure.
Hardware authentication can provide the speed and ease of use of facial recognition but without the privacy issues surrounding biometric data storage.
A device such as a YubiKey provides one-touch authentication across devices and platforms without the need for tokens to be entered by the user, such as with Authy or Google Authenticator. However, YubiKey does offer the ability to enter tokens or one-time passcodes so that it can still be compliant with most legacy systems.
YubiKey also uses the FIDO 2 protocol, which allows for completely passwordless logins using public key cryptography. This gives it the same user freedom as facial recognition where no password needs to be remembered, but in a less intrusive way.
The drawback here is that it does require the small physical YubiKey itself. However, users can have spare or backup YubiKeys that can easily be retrieved or activated on their own without the intervention of IT staff.
Once again, this allows users to often remedy their own issues, similar to a password reset, something facial recognition often lacks.
Sometimes biometric authentication is still preferred or even required to maintain compliance with certain policies or vendors. This has caused some companies to look for alternatives that are less intrusive than facial recognition.
One of these start-ups is called Typing DNA. While still a very new technology, it looks to use the individual typing patterns of users to perform continuous authentication.
The company refers to this technology as “typing biometrics” and it detects micro-patterns in how users type. This software only looks at the pattern of the typing, and the software does not actually read or monitor what is being typed. These micro-patterns then form a biometric fingerprint for that user. If the patterns change, the system is locked until various authentication methods are met.
The continuous authentication aspect of this sort of biometric system is what sets it apart. Most authentication options are one-time events. Devices left unattended can still be targeted. Typing DNA addresses that by being able to distinguish different users accessing a device, then lock them out.
It’s an interesting concept and shows that other less intrusive biometric authentication is possible with a little creativity, and some of these may displace things such as facial or fingerprint biometrics for some applications.