By Hector Hoyos, CEO of Hoyos Labs
The Target data breach that occurred late last year affected millions of customers and shook their trust in the company. The impact of that breach has been at the forefront of both consumer and corporate minds for months and likely won’t be going away anytime soon with pending legal repercussions almost constantly in the headlines. To make matters worse, Target acknowledged that the corporation actually knew about early signs of the breach but “determined that it did not warrant immediate follow up.” So how can companies learn from this kind of hack and be proactive to prevent their brands from ultimately suffering the same fate?
Corporations have been considering several different innovative technologies to keep private material secure – everything from utilizing standalone iris-scanning devices to implementing more complicated passwords – but most are going about it the wrong way and setting themselves up to be hacked again and again. The question on companies’ and consumers’ minds is this: what is the most effective and convenient solution to protect our personal and corporate material from future attempts at identity theft? As we’ve seen repeatedly, hackers can easily steal or uncover usernames and passwords, PINs and tokens (think: RSA), on a massive scale.
Of course, traditional log-ins are a common burden for users due to the sheer number of usernames and passwords that each person has to remember for all of his or her accounts, from online banking profiles to Facebook pages. It’s essential that consumers and corporations adopt a security method that both eliminates the need for usernames and passwords and incorporates biometrics to assert our unique identities. Today, there are two types of identity assertion solutions for biometric technology – tokens and token-less methods. To successfully tackle the issue of convenient, effective security, one of these methods prevails while the other comes up lacking.
Tokens include any stand-alone gadget, piece of hardware or access key that’s used for two-factor authentication (2FA), which uses either a unique PIN or the user’s biometric information to complete the identity authentication process. Token-less methods include integrated biometric solutions that leverage existing acquisition devices – like smartphones, which we carry around with us everywhere we go – to obtain the biometric information that’s needed to log into websites or accounts. Tokens require an extra piece of hardware or gadgetry to carry around, which can easily be lost, stolen, hacked or spoofed.
For example, RSA’s SecurID 2FA token was hacked on the back-end where it stores the algorithm that’s used to generate unique PINs. As a result, hackers used this information and algorithm to infiltrate Lockheed Martin and steal classified information. RSA’s tokens were also hacked by a group of computer scientists who opened the SecurID 800 and other similar 2FA tokens in just under 13 minutes. During this hack, they were able to extract the secure key codes that had been stored and generated in the device. Ultimately, it’s clear that tokens are a step backward when compared to complete, end-to-end biometric identity assertion platforms.
At Hoyos Labs, we believe that embedded technology is the answer. By enhancing smartphones with biometric technology and creating one integrated solution, consumers and corporations have the ability to improve security and convenience in a way that greatly reduces the odds that another mass security breach will take place. People don’t want to carry around yet another gadget with them; they want to rely solely on their smartphones instead of another dongle or add-on.
It’s essential to have an end-to-end technology with a secure back-end and what’s called “liveness” detection – being able to distinguish a living person from a photograph or video, which is crucial in preventing hacks like the one on Android 4.0’s facial recognition feature, Face Unlock. This technology was circumvented by using a photo of someone’s face to unlock the phone. Iris biometrics is the most secure biometrics available, as no two irises are the same, even among identical twins.
Having secure back-end software also allows for intrusion detection and data encryption, which most biometric tokens lack if they exist as hardware alone. In recent years, many companies have started to add biometric acquisition to their smartphone devices, which demonstrates that corporations are catching wind of the need to integrate biometrics to keep their material safe.
In the end, the time has finally come for biometric solutions to be both secure and convenient for consumers and corporations alike. We are now moving technological progress forward toward a future without passwords or tokens, with the hope of eliminating all future identity theft and corporate hack stories for good.
About Hector Hoyos, Chairman and CEO of Hoyos Labs:
Hector Hoyos has been in the biometrics and IT fields since the mid-1980s as the founder and president of various biometric companies. He co-founded and presided over Biometrics Imagineering Inc., creating state-of-the-art technologies, such as fingerprint identification systems and interactive financial transaction systems. He also helped incubate the Praetorian technology, a real-time video surveillance technology, which, in February 2008, was awarded a training/video surveillance contract by the U.S. Marine Corps. Additionally, Hoyos served as the founder and CEO of EyeLock Inc., an iris-based identity authentication company, previously named Global Rainmakers, Inc. (GRI). He also invented the highly acclaimed HBOX, Eyeswipe and Eyelock iris biometrics-based access control family of products. His inventions have been implemented in various verticals including border control, education, healthcare facilities, airports and financial institutions, among others, both in the U.S. and abroad. Currently, he manages a digital infrastructure security company, Hoyos Labs, with a biometrics R&D lab located at the Cambridge Innovation Center on MIT’s campus. Most recently, Hoyos Labs announced the debut of HoyosID™, a mobile app for Android and iPhone devices that will leverage biometrics to securely and accurately authenticate one’s identity and eradicate the need for usernames and passwords.