As hacking grows, biometric security gains momentum

March 7, 2015 by Rob Lever
With hackers seemingly running rampant online and millions of users compromised, efforts for stronger online identity protection—mainly using biometrics—are gaining momentum

With hackers seemingly running rampant online and millions of users compromised, efforts for stronger online identity protection—mainly using biometrics—are gaining momentum.

Biometrics, which can include fingerprints, iris scans, facial or voice recognition and other methods, got a major boost with Apple's introduction of its iPhones with Touch ID.

Samsung followed with its own fingerprint scanner and Qualcomm recently unveiled its 3D incorporated in the chips used in many .

From major tech firms such as Google, Microsoft and Yahoo to US cybersecurity officials, consensus is growing that the simple password, often the weak link in security breaches, needs to be replaced.

'Kill the password dead'

"I would love to kill the password dead as a primary security method because it's terrible," White House cybersecurity coordinator Michael Daniel told a security forum last year.

Tens of millions of passwords have been stolen in breaches of major retailers and banks including Target, Home Depot and JPMorgan Chase. Password theft is a key element in identity theft, the biggest source of fraud complaints in the United States.

And a survey of large corporations using mobile commerce by RSA and TeleSign found around three percent of revenue lost due to fraud.

Biometrics are likely to be a major part of any new identity verification effort, says Ramesh Kesanupalli, vice president of the standard-setting Fast IDentity Online Alliance (FIDO) which now has over 170 members including makers of hardware, software and financial firms.

Kesanupalli said that even solutions that add verification on top of a password are not as robust as .

"If you don't eliminate dependency on the password you're not solving the problem, you are only treating the symptom," Kesanupalli told AFP.

Fingerprint ID, facial recognition

He says fingerprint identification made major strides with the iPhone, and that other technologies such as are still being improved.

Biometrics, which can include fingerprints, iris scans, facial or voice recognition and other methods, got a major boost with Apple's introduction of its iPhones with Touch ID

Apple, in a "master stroke," used a fingerprint ID on the home button which is already used to activate the phone, said Kesanupalli. That means consumers don't need encouragement or special training to use it.

Additionally, e-commerce firms can piggyback onto the phone's authentication to allow for a more secure transaction without passwords, Kesanupalli said.

And significantly, the Apple fingerprint is stored only on the device, so there is no database to be hacked.

Another important development was Microsoft's announcement in February that it was joining FIDO and implementing new authentication methods in Windows 10 that will include biometrics.

"Moving the world away from passwords is an enormous task, and FIDO will succeed where others have failed," said Microsoft program manager Dustin Ingalls.

International Data Corp says some 15 percent of mobile devices will be accessed with biometrics in 2015, and the number will grow to 50 percent by 2020.

Yahoo, for one, is developing new security that will eliminate passwords, according to its chief information security officer Alex Stamos.

"We strongly believe at Yahoo that we need to get rid of passwords and that users need to move to other ways of communication," Stamos told AFP, noting that new login credentials will be forthcoming.

AcuityMarket Intelligence meanwhile projects that by 2020, global mobile biometric market revenues will reach $33.3 billion including biometrically enabled mobile devices, apps and software for payments.

Biometric fears

Biometrics are likely to be a major part of any new identity verification effort, says Ramesh Kesanupalli, vice president of the standard-setting Fast IDentity Online Alliance (FIDO)

But not everyone in the tech world sees biometrics as the solution to security problems.

"If you have a credit card that gets compromised you can get a new credit card, but what do you do if your iris or your fingerprints get compromised?" says Sascha Meinrath, head of the New America Foundation's X-Lab studying new technologies.

Meinrath noted that there have already been successful efforts to fake someone's fingerprint, and that other biometrics may also see the same fate.

"This presents an entire new realm of security problems," he said.

New technologies are helping make biometrics more secure.

Microsoft chief executive Satya Nadella touts Windows 10 and HoloLens capabilities at a press event in Redmond, Washington on January 21, 2015

Stephanie Schuckers, a Clarkson University professor and head of the industry-academic Center for Identification Technology Research, said some research is focused on "liveness detection," to guard against faking fingerprints or other biometrics.

"This would ensure that the real biometric is there at that time and place, and recognize a fake version of that stolen fingerprint," Schuckers said.

Some of the pressure for new identity verification systems is a response to huge losses hitting the financial sector, said James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies in Washington.

"We don't know what the technology will be," Lewis told AFP.

"Consumers will decide what they like, and we will then see if the bad guys can figure out how to crack it."

Explore further: Fingerprint tech from Qualcomm uses ultrasonic sound waves

Related Stories

Fingerprint tech from Qualcomm uses ultrasonic sound waves

March 3, 2015

Password-less authentication to protect user data—we have heard the call into the future from tech giants before and for good reason: Users are frustrated over having to remember numerous password combinations to enter ...

FIDO specs to pave way for post-password era

December 10, 2014

Dedicated to easier yet stronger authentication, the FIDO (Fast IDentity Online) Alliance announced Tuesday that it has published specifications, for broad industry adoption of strong authentication next year. The standards-delivering ...

Computer scientist sees new possibilities for ocular biometrics

November 4, 2014

While many of us rely on passwords to protect our identity, there's more sophisticated identity recognition technology called biometrics that we could use. Security measures that use biometrics rely on a person's unique characteristics ...

London calling: phone biometrics should be handled with care

December 1, 2014

Current and future uses of biometric data and technologies have been under review in the UK, with the British Parliament hearing views from security experts. Biometric technology identifies individuals automatically by using ...

The future of biometric technology

March 6, 2014

Biometric security such as fingerprint, face and voice recognition is set to hit the mainstream as global technology companies market the systems as convenient and easy to use, according to a prominent information security ...

Recommended for you

Coffee-based colloids for direct solar absorption

March 22, 2019

Solar energy is one of the most promising resources to help reduce fossil fuel consumption and mitigate greenhouse gas emissions to power a sustainable future. Devices presently in use to convert solar energy into thermal ...

EPA adviser is promoting harmful ideas, scientists say

March 22, 2019

The Trump administration's reliance on industry-funded environmental specialists is again coming under fire, this time by researchers who say that Louis Anthony "Tony" Cox Jr., who leads a key Environmental Protection Agency ...


Adjust slider to filter visible comments by rank

Display comments: newest first

3 / 5 (4) Mar 07, 2015
That isn't good enough. The hackers can fake your bio-signature and by-pass the password anyway. In the end the password is just bits.

You need a physical key which works like a Vacuum Tube so that the current which operates the circuits is literally supplied by a power supply in the biometric device, and can only give one-way commands from that device. Which is to say the CPU or the drive being protected cannot give commands to the biometric device, and derive their power supply from the biometric device, otherwise it would be hackable anyway.


Ordinary physical key concepts like, "Flash card passwords" or biometrics with ordinary circuits won't work, because they are hackable anyway. You need a physical key with a physical power supply through that key required to power the "sensitive" circuitry, so they system cannot be hacked from another computer, even if it is on the same global network....

2.3 / 5 (3) Mar 07, 2015
The reason the ATMs were hackable is because they were designed wrongly. They had a physical key (the card) and a PIN, but the circuitry ultimately was a circle-jerk. You could fake the command access withough a physical person and card, because it was all just 0's and 1's.

The type of system I described above could never be hacked from a remote machine, no matter how much the attacker knows about the system....
2.3 / 5 (3) Mar 07, 2015
Oh yeah, Uncle Ira, so you know:

You got your wish man.

I was PECed after a rant on Facebook back on the 21 of February, and willfully committed myself to a low security mental health hospital (even though the police agreed with what I wrote and even invited me to his Church). I requested release yesterday and was granted.

They tripled my dose of Wellbutrin and Klonapin, and also replaced Cymbalta with Abilify, and changed my blood pressure medicine.

Several sleep aides were tried, including one I already had and rarely used, and they produced hallucinations and hypnogogic dreaming each night, so I had the doctors take me back off of those.


I was diagnosed so far as this.

The (New) Psychiatrist combined with old Psycologists said that no one classification of mental illness was correct for me both on the 21 of February and on 4 March, but that I was abnormal.

They believe I do in fact have a mild case of Asperger's syndrome.
1 / 5 (2) Mar 07, 2015
It's none of anyone's business I guess, but you got what you wanted man. You along with 2 or 3 other incidents a few days before february 21 helped push me over the edge to that rant, and got me committed to a mental hospital, just like you always hoped for.

I hope you are happy and blessed by this.

The staff was very good, but also still misunderstands me. Ultimately I learned more from natural interaction with the other patients and several interns than from the staff. I also discovered that I am an absolute beast at Scrabble, Rummy, and Dominoes, as demolishing multi-degreed opponents, and even winning 1vs2 handicap matches against them. This is apparently from the "good" side of Aspergers. My bragging about it isn't inteded to be pride, it's intended to make the point that you were right, and my sister's original fears 4 years ago were right, I do have Aspergers and it is often very hard for me to deal with situations where I can't find a middle ground.
1.5 / 5 (2) Mar 07, 2015
They left the diagnoses of major depression, Anxiety and social anxiety, and added mild Aspergers as well as manic/depressive and panic disorder.

Truth is, most of those things arwe "natural" consequences of being a high level Savant or near-savant, because you can't relate to other people's feelings as well as you should, and that produces anger, mania, depression anyway as a "secondary" problem. So it's pretty bad when you have Primary depression and have mania and more depressiona as natural consequences of being socially isolated.

I will be seeing my counsellors more from now on, and I am going to try to join some sort of co-ed sports club to have interaction with guys and girls in a more relaxed environment than just school.

I haven't been able to check with instructors and deans yet, but I have probably been auto-dropped from all my courses for this semester at college, which pisses me off, but I guess that's life.
1 / 5 (2) Mar 07, 2015
So anyway, back on topic.

The circuitry you want to protect must get it's power supply from the physical key device or it will be hackable. You need dual power supply to all coded drives and circuits so that they cannot receive hostile commands from another computer or program.


If you've seen phenomenon, I can play that "name mammals alphabetically" as the second or third person, and not allow animals the other (college educated) person chose, and still beat their score.


366 to 210 score vs a triple degreed woman.

320 to combined 240 of the other 3 players in a 4 player game.

Why the hell am I like that? 4th standard deviation clerical aptitude, but only 2 standard deviation verbal can it make that much difference?

No wonder everyone thinks I'm stupid.

I'm as far beyond most humans as they are beyond monkeys, and they think I'm the stupid one, because they can't understand me....
1 / 5 (2) Mar 07, 2015
I have to find the color in things of life, or nobody will ever want to be around me, but how does one change decades of purely rational thinking strangely building on a foundation of religious do's and don'ts?

I tried starting over without a Bible, from purely metaphysics, meta-cognition as it were, and arrive at the same conclusion: There absolutely must be a God, and we are morally beholden to him.

There is no "Falsifiability" of God, and my argument as to why that is can't be refuted, though it is itself falsifiable in theory.

You cannot falsify Absolute truth nor Absolute Reality.

The very notion of attempting to falsify the Truth is a logical fallacy on the part of the unbeliever, as the First Cause (God) is so fundamentally true that it is inconceivable for the Being to not exist once you see the Set Theory argument.

The unbeliever who studies Set Theory in terms of Everything and Nothing should quickly come to the conclusion that abs nothing was never the case
1 / 5 (2) Mar 07, 2015
Highly educated, highly rational and intelligent people end up in mental hospitals, in part because "normal" people don't understand us and treat us like idiots, when they are the ones with the BIGGER mental problem of living totally irrational lives.

I want "Color". I want to live in the "moderation", the "middle ground" when extremes are nto possible or reasonable, the problem is Aspergers makes it very difficult to do that without either offending my own conscience or that of someone else. This isn't something you can totally coach away in a week or two of a hospital environment, but I must say the other patients helped me out a lot. Some of them got sick of my "Little Professor" problem too at times, but they also worked with me, and I even got one girl's phone number entirely from being a friend to her. I think I'm going to call her today for the first time since she was discharged.

I am not "Rain Man". I am more like a weaker "Daniel Tammet" after all.
1 / 5 (2) Mar 07, 2015
I know I have also been damaged by whatever is causing the Neurophathy. Between the damage and the drugs I have to be on, my cognition is doing as much as 10 to 30% by my own judgements and estimations from my maximum, as my WAIS score is down about 10 points from my prior maximum from my early 20's. It could be a randomly missed question, or it could be actual cognitive decline. I am not entirely sure at this point.

I know from digit span that my so-called "Sensory/Working" memory is very good.

However "mid-term" memory as I think of it (memorizing a new schedule or names and faces) is screwed for some reasons.

Long term memory is still very good, but remember so many facts and things and it's always there in there somewhere, and comes out randomly, or makes connections between ideas other people don't see as related.

I am sorry for the offense to people, but I am what I am. I can change with more social activities though.
1 / 5 (2) Mar 07, 2015
Example yesterday on news much agrees with something I suspected all along:

According to a study, I'd have to look it up to get which news channel it was, supposedly 15% of women have been sexually abused, but an astound 25% of young men have been sexually abused.

Perhaps I am wrong, but it seems that men abuse women either because they are bullies anyway (the "bad boy" image women chase after), or because they were weaker men bullied by the "bad boy" imaged guys, and take it out on women.

It's a vicious cycle that both sexes perpetuate.

women chase the bad boy image, but bad boys are well....bad for women...
bad boys abuse women.
Women turn to "good guys" but "good guys" were themselves abused by "bad boys", and may in fact be abusive as some sort of defense mechanism in arguments, etc.

The more bad boys women chase, the more they get abused one way or another, and the more men abuse one another in an attempt to meet that image.
1 / 5 (2) Mar 07, 2015
After years of thinking about it, I believe we should legalize medical marijuana and it's derivatives, and smoking it should be regulated like tobacco: Age limit 21.

Empties many jail cells and puts people back to work, empowering economy.
Police can concentrate on domestic violence, rape, murder, assault, vandalism, theft, instead of minor shit like smoking a joint or two.
"Sin Tax" on legalized marijuana would empower the economy, while "War on Drugs" vs illegal marijuana is a drain on economy, and promotes gang turf wars and violence which overflows into killing and robbing of innocent people.

If some of these recreational drugs were regulated instead of full bans, and sold in pharmacies with a prescription, it would boost the economy. The medical industry would get a huge income boost, and the "Sin Tax" on the recreational drugs would boost the federal government and state government instead of being a drain via "War on Drugs".
1 / 5 (2) Mar 07, 2015
What do you think of the Quran?
5 / 5 (2) Mar 07, 2015
@Returners tl;dr

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.