
Ban the Scan - Is Facial Recognition a Risk to Civil Liberties?

 

There are numerous voices around the world opposing the use of facial recognition technology. Many people believe facial recognition poses a severe threat to individual privacy, free speech, racial inequality, and data security. People who oppose it have solid grounds for doing so, and they have strong reservations about employing this technology in any form, citing its extremely high false positive rate and its implications for civil and personal liberties, specifically individual privacy.

Critics argue that facial recognition is biased against people of color, women, and children. Surveillance cameras are more common in places where immigrants live, which adds fuel to the flames. The explanation given is the greater crime rate in those areas. Facial recognition technology has not matured sufficiently, and its usage in such an environment worsens an already complex situation. The flaws in the justice system will expand as a result of the technology's inefficiency, contributing to harsher sentences and higher bails for those affected.

Forced deployment

Despite its flaws, facial recognition technologies are used by police and other law enforcement agencies across the world. Surveillance is the key industry in which it is most widely applied. It is also commonly used in airports for passenger screening, as well as for housing and employment decisions. In 2020, San Francisco, Boston, and a few other localities restricted the use of facial recognition. 

According to an article on the Harvard blog by Alex Najibi, “police use face recognition to compare suspects’ photos to mugshots and driver’s license images; it is estimated that almost half of American adults – over 117 million people, as of 2016 – have photos within a facial recognition network used by law enforcement. This participation occurs without consent, or even awareness, and is bolstered by a lack of legislative oversight.” 

Private companies are also attempting to capitalise on biometric scanning in various ways and collecting user data for a variety of purposes. It is not new to blame Google and Meta for collecting excessive amounts of user data. The most recent clamour came when the World Coin initiative, founded by OpenAI CEO Sam Altman, suggested iris scanning as a requirement for coin ownership. These private-sector initiatives are troubling. 

Compared to other biometric systems such as fingerprints, iris scanning, and voice recognition, facial recognition has the highest error rate and is the most likely to cause privacy problems and bias against marginalised people and children.

The Electronic Frontier Foundation (EFF) and the Surveillance Technology Oversight Project (S.T.O.P.) oppose the use of facial recognition in any form. S.T.O.P. is based in New York, and its work focuses on civil rights. It also conducts research and activism on issues of surveillance technology abuse.

Regarding the ban on the scan movement, S.T.O.P. says, "when we say scan, we mean the face scan feature of facial recognition technology. Surveillance, particularly facial recognition. It is a threat to free speech, freedom of association, and other civil liberties. Ban the Scan is a campaign and coalition built around passing two packages of bills that would ban facial recognition in a variety of contexts in New York City and New York State.”

Serco Leisure Faces Legal Action for Unlawful Employee Face Scanning



Serco Leisure, a prominent leisure firm based in the UK, finds itself at the centre of a regulatory storm as the Information Commissioner's Office (ICO) intensifies its scrutiny. The ICO has raised serious concerns over the alleged illegal processing of biometric data, affecting more than 2,000 employees spread across 38 leisure facilities operated by the company. At the heart of the matter is the contentious implementation of facial scanning and fingerprint technology, ostensibly deployed to track staff attendance. This move has drawn sharp criticism from the ICO, which contends that the company's actions in this regard are not only ethically questionable but also fall short of principles of fairness and proportionality.

Despite Serco Leisure claiming it sought legal advice before installing the cameras and asserting that employees did not complain during the five years, the ICO found the firm had failed to provide a clear alternative to collecting biometric data. The company's staff, who also undergo fingerprint scanning, were not offered less intrusive methods, such as ID cards or fobs.

The ICO, led by UK Information Commissioner John Edwards, argued that Serco Leisure's actions created a power imbalance in the workplace, leaving employees feeling compelled to surrender their biometric data. Edwards emphasised that the company neglected to fully assess the risks associated with biometric technology, prioritising business interests over employee privacy.

According to the ICO, biometric data, being unique to an individual, poses greater risks in the event of inaccuracies or security breaches. Unlike passwords, faces and fingerprints cannot be reset, heightening concerns regarding data security.

Serco Leisure, while committing to comply with the enforcement notice, insisted that the facial scanning technology aimed to simplify clocking in and out for workers. The company claimed that it consulted with team members before the technology's implementation and received positive feedback.

After this occurrence, the ICO is releasing new guidance for organisations considering the use of employees' biometric data. This guidance aims to help such organisations comply with data protection laws. The controversial nature of biometric technology has sparked debates, with privacy advocates asserting that it infringes on individuals' rights, especially as artificial intelligence enhances the capabilities of these systems. On the other hand, law enforcement and some businesses argue that it is a precise and efficient method for ensuring safety and catching criminals. 

Serco Leisure's use of facial scanning technology to monitor staff attendance has raised legal concerns, leading to an enforcement notice from the ICO. The incident highlights the need for organisations to carefully consider the privacy implications of biometric data usage and explore less intrusive alternatives to protect employee privacy while maintaining operational efficiency. The ICO's upcoming guidance will serve as a crucial resource for organisations navigating the complexities of using biometric data in the workplace.



Identity Fraud Affects Two Million Brits in 2023



In a recent report by FICO on Fraud, Identity, and Digital Banking, it was revealed that nearly two million Brits may have fallen victim to identity theft last year. The analytics firm found that 4.3% of respondents experienced fraudsters using their identity to open financial accounts. This percentage, when extrapolated to the adult UK population, equates to approximately 1.9 million people. While this marks a decrease from 2022 when 7.7% reported such incidents, there's a concern that the actual numbers could be higher.

According to Sarah Rutherford, senior director of fraud marketing at FICO, the data only represents those who are aware of their stolen identity being used for financial fraud. Many individuals might not immediately discover such fraudulent activities, and perpetrators often exploit stolen identities multiple times, amplifying the overall impact.

The report identifies this type of fraud as the most worrisome financial crime for UK citizens, with 30% expressing concern. Following closely are fears of credit card theft and bank account takeovers by fraudsters, at 24% and 20%, respectively.


Consumer Preferences and Concerns Drive Financial Organisations' Strategies

FICO's research emphasises the significant impact that robust fraud protection measures can have on financial organisations. Approximately 34% of respondents prioritise good fraud protection when selecting a new account provider, and an overwhelming 73% include it in their top three considerations. However, 18% stated they would abandon opening a bank account if identity checks were too challenging or time-consuming, highlighting the importance of achieving a balance between security and user convenience.

Biometric authentication emerged as a favoured choice among respondents, with 87% acknowledging its excellent security features. Fingerprint scanning ranked highest among biometric methods, preferred by 38% of participants, followed by face scans (34%) and iris scans (25%). In contrast, only 17% believed that the traditional combination of username and password provides excellent protection.

Sarah Rutherford expressed optimism about the shift in attitudes towards new verification tools such as iris, face, and fingerprint scans, as individuals increasingly recognise the benefits they offer in enhancing security.


Commercial Impact

The study suggests that financial institutions incorporating strong fraud protection measures may reap significant commercial benefits. With consumer preferences indicating a growing emphasis on security, financial organisations must navigate the challenge of implementing effective identity checks without compromising the ease of service. Striking this balance becomes crucial, especially as 20% of respondents indicated they would abandon the account opening process if identity checks were deemed too cumbersome.


Amidst growing concerns surrounding identity fraud affecting a significant portion of the British population, there is a discernible shift towards the acceptance of advanced biometric authentication methods. Financial organisations are urged to prioritise formidable fraud protection measures, not only to enhance consumer appeal but also to reinforce security protocols for sensitive information. This imperative reflects the industry's transformation, shedding light on the growing importance of heightened security measures to address the increasing challenges of identity theft.


Embracing a Passwordless Future: Navigating the Shift to Decentralized Security in 2024

 

The world has swiftly embraced digitalization, empowering individuals to accomplish over 90% of their daily tasks through mobile apps or web interfaces. Activities like bill payments, flight bookings, health consultations, and even exploring one's DNA lineage have become more accessible, thanks to digital platforms.

Despite this progress, the average person manages about 35 accounts with traditional string-based passwords serving as the primary means to protect personal information. In December 2023, biotech company 23andMe experienced a security breach affecting nearly 7 million users, highlighting the vulnerability of string-based passwords, with a Google report revealing that 56% of individuals reuse passwords across various platforms.

To address these challenges, the industry is transitioning towards a decentralized model, envisioning a future where users transact using portable verifiable digital credentials (VCs), eliminating the need for traditional passwords. This shift aims to enhance security, reduce user fatigue from multi-factor authentication (MFA), and simplify the authentication and authorization process.

Governments are exploring the unification of citizens' digital credentials, enabling access to public services with government-issued verified credentials. Similarly, educational institutions are considering VCs to streamline onboarding processes and provide secure access to digital learning content.

This modern approach ensures users have control over their personal details stored in a digital wallet on various devices, secured by biometric gestures such as fingerprint, voice, or face recognition. Users can release or retrieve their VCs, and authentication becomes decentralized, free from traditional passwords.

The adoption of decentralized identity and verifiable credentials extends across sectors, including HR employee management, education, healthcare, government, and fintech. Recognized bodies like W3C are advocating standards for decentralized identity, providing an opportunity for businesses and institutions to create interoperable designs aligned with this new model.

In this architecture, trusted identity providers, potentially serving as decentralized issuers (DID), play a crucial role in certifying digital credentials. Witness ledgers, employing technology akin to blockchain networks, ensure traceability and trust in VC transactions, and new vendors and institutions may emerge to compete in this evolving space.

Embracing this approach enhances security and efficiency for organizations, mitigating risks associated with email phishing, brute force attacks, and password breaches. It also streamlines operations, reducing operational costs tied to managing outdated password information and account recovery. This modernized vision of a portable account and passwordless future is essential for businesses to adopt promptly, safeguarding against sophisticated password breach incidents in 2024.

Passkeys & Passwords: Here's Everything You Need to Know

In a world tired of grappling with the complexities and vulnerabilities of traditional passwords, a transformative solution is emerging. Despite the advancements offered by the latest password managers, passwords remain a persistent pain and a significant security risk if compromised. However, a paradigm shift is underway, with innovative alternatives like passkeys gradually replacing the age-old password dilemma.

Passkeys are a cutting-edge form of encryption technology designed to streamline the login experience for devices, apps, and services. They were developed through the collaborative efforts of major tech, finance, and security giants such as Apple, Google, Microsoft, and others in the FIDO Alliance, which aims to usher in a future where passwords become obsolete.

Diverging from conventional passwords, passkeys consist of private and public keys, intricate codes that enhance security. The private key, residing securely on the user's device, provides a foolproof means of access. On the other hand, the public key, stored on company servers, reveals minimal information, rendering it useless if stolen. The FIDO Alliance's ultimate goal is to alleviate the challenges associated with password protection and drive towards a more secure future.

Is a passkey more secure than a traditional password? 

In essence, yes. Passkeys eliminate the need for users to memorize passwords and mitigate the risk of weak passwords being compromised. In the event of a data breach, the public keys alone are insufficient for unauthorized access. Moreover, passkeys often incorporate biometrics, such as facial recognition or fingerprints, to verify the user's identity, adding an extra layer of security.

The benefits of passkeys extend beyond security. Quick to set up and use, passkeys minimize the need for physical inputs, enabling convenient features like swipe-to-pay and secure digital wallets. Users are freed from the burden of remembering complex passwords or master passwords for password managers.

To obtain a passkey, users are prompted to set up a Personal Identification Number (PIN) or utilize biometric information, such as fingerprints or facial recognition. While passkeys offer significant benefits, they are not yet universal. Companies within the FIDO Alliance, such as PayPal, Google, and Microsoft, are more likely to adopt passkey technology, but widespread acceptance is still in its nascent stages.

Despite the advantages of passkeys, traditional passwords endure due to their simplicity, universality, and cost-effectiveness. Passwords do not require the intricate tech infrastructure needed by passkeys, making them a more affordable option for businesses. Moreover, passwords are universally understood and can be used across different devices and browsers.

While passkeys are revolutionizing cybersecurity, they are not replacing password managers. Notable password managers like LastPass and Dashlane, also part of the FIDO Alliance, leverage WebAuthn technology to secure passwords and other essential security information.

Overall, passkeys represent a promising future for enhanced cybersecurity, addressing the shortcomings of traditional passwords. As this groundbreaking technology gains wider acceptance, users are encouraged to embrace passkeys for heightened security and convenience in their digital interactions. The era of password-free security is on the horizon, and passkeys are leading the way.

WhatsApp Announces Passkey Support for its Users


The modern digital landscape is witnessing an upsurge in cybercrime activities, and users can no longer rely on strong passwords to protect themselves. 

Thankfully, even on the best low-cost Android phones, biometric authentication is becoming mainstream and easily accessible. This has led to the adoption of passkeys for user authentication by a number of well-known social networking platforms and password manager apps. WhatsApp is the newest application to offer passkey support for all of its users after a month of beta testing. 

Passkeys replace conventional passwords with a unique cryptographic key pair, such that only the users can log in. The key is made accessible to the user only after a successful biometric authentication, negating the requirement for two-factor authentication techniques like OTP distribution through SMS and email. Passkeys shield users from the risks associated with password reuse and phishing attacks. After revealing support for passkey storage in its password manager, Google disclosed that the new technology supports more rapid user authentication.
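The key-pair login described above, together with the earlier post's point that stolen public keys alone do not grant access, shown as an added example that is not WhatsApp's or the FIDO Alliance's code. It is a simplified challenge-response in Node.js, not the WebAuthn wire format; the class names, origins and user name are constructed for illustration.

```javascript
// Added example: simplified passkey-style login (not the WebAuthn wire format).
const crypto = require('node:crypto');

// Device side: keeps one private key per site origin and never exports it.
class Authenticator {
  constructor() { this.keys = new Map(); } // origin -> private KeyObject
  register(origin) {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' }); // only this leaves the device
  }
  // Signs the server challenge together with the origin the client really sees.
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    if (!key) return null; // no credential for a look-alike origin
    const clientData = JSON.stringify({ origin, challenge: challenge.toString('hex') });
    return { clientData, signature: crypto.sign('sha256', Buffer.from(clientData), key) };
  }
}

// Server side: stores public keys only and issues single-use challenges.
class RelyingParty {
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map(); // user -> PEM public key
    this.pending = new Map();    // user -> outstanding challenge (hex)
  }
  enroll(user, pem) { this.publicKeys.set(user, pem); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge.toString('hex'));
    return challenge;
  }
  verify(user, assertion) {
    const expected = this.pending.get(user);
    this.pending.delete(user); // a challenge is accepted at most once
    const pem = this.publicKeys.get(user);
    if (!expected || !pem || !assertion) return false;
    let data;
    try { data = JSON.parse(assertion.clientData); } catch { return false; }
    if (data.origin !== this.origin || data.challenge !== expected) return false;
    return crypto.verify('sha256', Buffer.from(assertion.clientData),
      crypto.createPublicKey(pem), assertion.signature);
  }
}

function runDemo() {
  const origin = 'https://shop.example'; // constructed origin
  const rp = new RelyingParty(origin);
  const device = new Authenticator();
  rp.enroll('alice', device.register(origin));

  // 1. Normal login: the device signs a fresh challenge.
  const good = device.sign(origin, rp.newChallenge('alice'));
  const legitimate = rp.verify('alice', good);

  // 2. Replaying the captured assertion fails: the challenge was consumed.
  const replayed = rp.verify('alice', good);

  // 3. Someone holding only the server's public-key store cannot sign;
  //    a signature made with any other key is rejected.
  const other = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const c3 = rp.newChallenge('alice');
  const forgedData = JSON.stringify({ origin, challenge: c3.toString('hex') });
  const stolenPublicKeyOnly = rp.verify('alice', {
    clientData: forgedData,
    signature: crypto.sign('sha256', Buffer.from(forgedData), other.privateKey),
  });

  // 4. A look-alike origin gets nothing: the device has no key for it.
  const c4 = rp.newChallenge('alice');
  const phishingOrigin = rp.verify('alice', device.sign('https://sh0p.example', c4));

  return { legitimate, replayed, stolenPublicKeyOnly, phishingOrigin };
}

console.log(runDemo());
```

The server in this sketch never holds a secret that can be reused to log in, which is why a leak of its credential store differs from a leak of password hashes.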

WhatsApp’s effort in adopting passkey technology came to light in early August. Beta testing of the feature commenced in late September.

Now, around a month later, WhatsApp announced on X (formerly Twitter) that support for passkeys was coming to the stable channel. The feature makes the login process significantly more secure by taking the place of the one-time password (OTP) sent via SMS. The app enables users to authenticate themselves using screen lock options, including their on-device fingerprint, face unlock, PIN, or swipe pattern. In the meantime, Google Password Manager automatically stores the cryptographic key.

The login system, with no password requirement, turns out to be quite time-efficient for users when they are setting up WhatsApp on a new phone. Commendably, WhatsApp is also explaining to online users how passkeys work, in order to secure their accounts.

Moreover, it is important for users to see the difference between passkeys for logging into WhatsApp and in-app features like WhatsApp chat lock, which still requires biometric authentication. Importantly, passkeys and passwords for traditional user authentication will both be available on WhatsApp.

However, WhatsApp has not yet clarified whether the feature will be made immediately accessible everywhere. Nonetheless, passkey support, like every other major WhatsApp feature, is anticipated to be implemented gradually in the stable channel. But it is still great to see WhatsApp reiterate its dedication to user security and privacy with features like this.

Role of Biometric Authentication in Metaverse Technology

 

As we approach a new era of virtual reality, the digital world is becoming increasingly real. Businesses will grow in this new reality as individuals and organisations soon enter a parallel reality known as the metaverse and show themselves as their avatars, or 3D versions of themselves. 

But, like with every new technology, every invention has two sides. On the one hand, you will be able to completely customise your avatar and appearance in the metaverse. But what about security, on the other hand? How do you safeguard your personal information in such an open virtual environment? How do you protect the security of your identities when connecting with individuals and businesses on a level you've never encountered before? Biometrics holds the key. 

Role of biometrics in the metaverse 

Biometrics is a subset of the larger area of digital identity management. It entails using distinguishing physical characteristics such as fingerprints or facial features to identify people. 

Biometric technology has been used in security systems around the world for years—think retina scans at airports or fingerprints on smartphones—but now we're seeing more companies use it for employee access control as well as customer service applications like digital banking services or e-commerce sites where purchasing specific items requires verification through a scan of your fingerprint or face before a purchase can be completed. 

The growing number of social engineering attacks and other security concerns has a significant impact on how firms verify and authorise their online users. And, when it comes to the metaverse, things are rapidly deteriorating as fraudsters target weak lines of authentication security. 

If a company leaves an opening in the overall authentication process, consumer-facing malware could compromise identities. Although many organisations are concerned about the metaverse's underlying security and authentication vulnerabilities, most aren't taking the necessary steps to mitigate them. 

This is where a strong identity management solution with biometric authentication comes into effect. Users can quickly and securely authenticate themselves using biometric authentication by using face recognition or fingerprint scanning. 

Because no two people have identical biological characteristics, this greatly reduces the likelihood of identity theft. Because it provides an easy means for people to authenticate their identity without having access to passwords or PIN codes, biometrics is at the heart of building safe digital identities in the metaverse. 

Biometrics, as opposed to passwords, is based on unique biological traits such as fingerprints, voice, and facial attributes. No two people can have the same biological parameters. And because it is robust, there is a very small possibility that it will be compromised. 

Biometrics challenges in the metaverse

While biometrics has the potential to improve security and user experience in the metaverse, it is not without its drawbacks and challenges: 

Concerns about privacy: Users in the metaverse may be hesitant to share sensitive biometric data, such as facial recognition or fingerprint scans, for fear of potential breaches or exploitation. Maintaining the security of this data becomes critical, posing a serious privacy concern. 

Security Risks: Biometric data in the metaverse, like in the real world, is vulnerable to hacking efforts. Cybercriminals may target biometric authentication systems, jeopardising users' identities and security. 

Accessibility Issues: Biometric authentication relies on specific physical or behavioural qualities that may not be available to everyone. Some users may require additional technology or have circumstances that make biometric detection problematic, preventing them from having a seamless metaverse experience.

False Positives and Negatives: Biometric systems are not perfect. False positives (recognising an unauthorised user as authorised) and false negatives (failing to recognise an authorised user) can occur, causing authentication challenges and potential user irritation. 

Biometrics' role in the metaverse is a two-edged sword. While the technology has the potential to provide greater security, personalised experiences, and seamless interactions, it also poses privacy, security, accessibility, and ethical issues. To establish a secure and inclusive virtual environment, the successful incorporation of biometrics in the metaverse will require careful assessment of these issues as well as a commitment to addressing these challenges.

Experts predict the disappearance of passwords before the end of the decade

According to cybersecurity experts, password identification in online services is a thing of the past. In the future, they will be completely replaced by biometric authentication and other means of protection.

Since this year, biometric authentication applications have been available to corporate and home Windows users. You can also activate identity verification methods by sending a code to your phone, other device, or linked account.

Authentication by biometric parameters significantly simplifies the daily use of various services and at the same time complicates the theft of personal data, said Alexey Novikov, Director of Business Development at ESET.

"However, in case of data loss, attackers gain access to the user's biometric profile. Today, the introduction of secure technologies prevents the mass distribution of passwordless authentication, and it costs a lot. Large companies are not always ready to revise the budget, and small and medium-sized businesses can hardly afford this,” Novikov said.

According to Denis Bezkorovayny, co-founder of Proto Group, already in 2022 some of the largest sites and services will begin to refuse to use passwords.

According to the expert, the IT community has long set itself the task of distributing password-free access, and there are successful cases of such implementation in the banking and corporate sector.

"Now we are coming to the fact that the password becomes less convenient for the user, and it becomes less problematic for attackers. Because of this, there is a leap towards password-free or passwordless authentication," the expert explained.

It should be noted that passwords can be replaced by authentication methods such as codes, hardware tokens, smart cards, and biometrics.

For example, in Estonia, every resident of the country has a smart card for access to public services, the electronic digital signature of documents, and much more, including password-free authentication on a variety of government and commercial resources.