The Benefits and Risks of Biometrics

July 28th, 2016   /     /   smarter identity

These days it feels like enterprises are having a tougher and tougher time securing sensitive business data- including that of their employees. In order to help minimize the risk of a data breach, more organizations are considering biometrics as a secondary factor of authentication.

Verifying employee identities with a password (something they know) in conjunction with a biometric factor like a thumbprint (something they are) should provide a significant increase in security. So why are some enterprises hesitant about implementing biometrics?

Biometric Data Compromises

Passwords are annoying. They must be changed frequently, can be tough to remember (especially if your company doesn’t use a single-sign-on solution) and need to be manually reset if forgotten or compromised. That said, lost or stolen passwords are still relatively easy to replace when necessary. The same cannot be said for thumbprints or iris scans.

“The risks or consequences if biometric data gets compromised are larger than if a password secret gets compromised,” says OneLogin VP of Product David Meyer in a recent article by the Wall Street Journa. Compromised login information like usernames and passwords can be replaced any number of times, “but they can’t change their fingerprint or facial geometry.”

It’s true that biometric authentication can add a new layer of security to business data. But how would you feel if your company suffered a data breach, and biometric information like your thumbprint was leaked to the world?

How to Use Biometrics Securely

Despite these concerns, enterprises still have a lot to gain from biometrics if they implement these new measures responsibly.

According to Meyer, effective and secure biometrics use comes down to relying on security and compliance professionals. “Unless you’re a security expert you’re probably missing something,” he says.

The number of people who can access biometric data should also be limited as much as possible, and detailed procedures should be established to ensure that the company knows when and by whom this data is accessed.

Biometrics also should not serve as the only form of employee authentication. Rather, organizations should find the right combination of authentication factors. This may include passwords, a one-time-password, biometrics, etc.

It’s no secret that biometrics are gaining attention from security and compliance professionals, including our experts at OneLogin. The standard procedures for biometrics are still being established, but we are currently researching the most reliable ways implement them into our already robust set of MFA configurations.

Learn more about OneLogin Multi-Factor Authentication

Want to learn more about the multi-factor authentication offered by OneLogin? Click here to contact one of our sales team . We’d be happy to answer any questions you may have about enterprise-grade MFA offered by OneLogin. You can also learn more by reading another post on biometrics, “Are Biometrics the Future of Authentication?”.

About the Author

Khizar Sultan, Lead Solutions Engineer, works with OneLogin’s largest prospects to help meet their identity and access needs. The Solutions Engineering team works to provide easier and more secure methods for end-users, along with new powerful ways for organizations to protect their applications. Khizar has spent 8 years designing security solutions for Enterprise companies, and loves working to solve complex use-cases.

View all posts by Khizar Sultan