To date, biometrics have failed to capture the imagination of security managers for a variety of reasons. However, the NHS has begun to pioneer the fingerprint version of this technology, and it’s likely that the corporate banking and retail sectors will follow suit. Steve Barnett reviews the benefits of switching from ‘PIN to print’ when it comes to accessing IT and data systems.
Nowadays, it's so easy to steal a person’s identity and all of their passwords – a problem which (according to recent Home Office statistics) has cost the UK no less than £1 billion in the past year alone.

Identity theft and crimes resulting from obtaining passwords to access information held on corporate networks or into someone’s personal account has never been greater. More high value information than ever before is now kept on the Internet or Intranet, causing a proliferation of passwords and thereby compounding the problems associated with hacking, cracking and general computer misuse.

That situation isn’t helped by the fact that most people are happy to give out their passwords to perfect strangers or colleagues, and have to remember so many passwords that they write them down on ‘Post-It’ notes beside their computers or store them in their address books (or on unprotected laptops or PCs).

Too much to remember

The typical corporate user now has to remember between three and five passwords to access business systems and applications, plus many more for private use on web sites geared to home banking, buying goods or fun sites like Friends Reunited. Add to this “password ageing”. Then the user has (in theory) to remember between 18 and 30 eight-character alphanumeric passwords in a year. None of which should include a dictionary word, but nearly all of which do!

Passwords should never be written down, but they invariably are. Is it any wonder that, according to the Aberdeen Group, large organisations spend as much as £250 per annum per employee on computer password management as employees all-too-often forget their passwords and need to rely on the IT Department to re-set them?

Password administration ranks alongside anti-virus and spam as one of those thankless, expensive and time-consuming IT issues. A delegate at a recent security conference was bemoaning the fact end users were continually calling his support team because they’d forgotten to write their new passwords down. To his credit, at the suggestion that users should be encouraged to check the ‘Remember Password’ box, this IT manager exclaimed: “No! That’s just plain stupid!”

Given the amount of time, effort and money expended on passwords they really give so very little back. They’re an access control mechanism providing poor security, limited proof of identity and carrying no legal validity or possibility of verification. They’ve been around for well over 50 years, and it would seem that most people are now weary of having to remember multiple passwords which they have to change on a regular basis.

Using the fingerprint

Given the amount of time, effort and money expended on passwords they really give so very little back. They’re an access control mechanism providing poor security, limited proof of identity and carrying no legal validity

At long last, passwords can now be replaced with a secure, affordable and scaleable management solution – fingerprint recognition biometrics. Already, 11,000 NHS employees are currently using the technology in over 60 UK hospitals, with a further 30,000 remote workers out in the field who are now able to access patient records while on the move.

Hundreds of NHS patients are also using fingerprint recognition technology in Oxfordshire and Derbyshire to securely obtain access to their own medical records held within their doctor’s surgery, helping them to make sure their records are accurate and up-to-date as well as read over their notes and doctor consultations.

Although the NHS is an early adopter of biometric authentication, the banking and retail industries are set to be the next major sectors embarking on this solution for customers and employees who need an extra layer of security for the growing number of transactions taking place over the Internet and other data networks.

Recent research has shown that the biometrics market will top $4 billion by 2007. The technology has become an attractive and viable option for the banking industry in particular because the cost of producing the chips used in the fingerprint readers has dropped from £60 in 2001 to £4 in 2003. A typical mouse combined with a fingerprint reader now costs under £50.

What are the other benefits for security managers who want to switch to fingerprint access for IT and data systems? Well, people can now access multiple applications with just a touch of their fingerprint. They don’t need to remember multiple passwords or PIN numbers, and the technology is both easy to use and unobtrusive. Individuals are also solely accountable for their own actions and transactions.

Applications in e-commerce

For e-commerce applications, fingerprint biometrics could help to achieve easy-to-use, strong and legally-binding transaction processing.

Source

SMT

Postscript

Steve Barnett is chairman of ISL Biometrics (www.isl-biometrics.co.uk)