Biometrics Seen as SecurID AlternativeExploring Multifactor Authentication
In March, RSA revealed intruders broke into its computers (see Hackers Take Aim At Its SecurID Products), exposing secret codes for its two-factor authentication SecurID token. Since then, RSA has been working closely with its customers to assure the safety of the product (see RSA's Post-Breach Security).
That's an approach Unisys' Steve Vinsik gives the security maker much credit. And, taking the proper precautions RSA provides could satisfy many SecurID users, says Vinsik, Unisys vice president and partner for enterprise security. Another option: switching to a competitors' product. Still, he says, at the end of the day, the use of these technologies maintains the status quo. "They let you do the same-as-usual type of security," he says. "If attacked once, and hacked once, it can certainly be done again." Another approach, Vinsik suggests, would be to implement an alternative factor, such as biometrics.
The concept behind multifactor authentication is that the user provides at least two different factors - something the user has, such as a token; something the user knows, such as a password; and something the user is, such as a fingerprint. In the case of tokens such as SecurID, the factors are what the user has and knows. But users jittery about the security of the has factor could substitute it with the is factor, such as an image of the eye's iris or the sound of a voice, Vinsik says.
The enterprise security expert points out that many users own smartphones that, with the right, inexpensive software, can scan an iris or record a voice to produce biometrics that can be employed for authentication. "It's not something that can be easily copied from a forensic perspective," Vinsik says. "Biometrics are a strong play, and they're gaining a lot more acceptance in the industry."
In the interview, with GovInfoSecurity.com's Eric Chabrow, Vinsik discusses the:
- Pros and cons of continued SecurID use.
- Use of biometrics as an authentication factor.
- Need to go beyond safeguarding the perimeter to secure the information itself.
Vinsik is responsible for the enterprise security portfolio for Unisys globally; which includes solution engineering, marketing strategy, delivery and relationship management for technology and services partners. Over the past 16 years, Vinsik has led field operations teams that conduct research and development, application development and systems integration for information security programs that span biometric and surveillance technology integration, command and control applications, secure cloud solutions, security architecture, physical and cybersecurity and information systems domains. Vinsik has served on several national and international standards committees including the international committee on biometrics standards and is the board secretary of the BioAPI standards organization.