Passwords are a constant source of stress for IT professionals. C-suite executives want the best possible protection for company networks, but they often balk at complicated password rules and periodic resets. Employees who are frustrated by the need for multiple passphrases across private networks, public clouds and business intelligence tools may choose a single, easily guessed word or number set and thereby put critical data at risk. According to a January 7 article in Forbes, this may soon change. New York-based research company Hoyos says it has developed a type of biometric security intended to replace passwords once and for all.
Hoyos debuted the new system, named HoyosID, at this year’s CES convention. The technology uses a free mobile app to measure the topography of a user’s face, micromuscle movement and pupil dilation to create an unbreakable key for technology including smartphones, desktops and office networks. Companies will lease servers from Hoyos Labs, and the company will generate a unique SSL key each time users authenticate their ID. After identity is confirmed, the key is completely scrubbed from the system. According to Hector Hoyos, “Now [hackers] are forced to hack one user at a time.” Biometric security data is stored only on the user’s device, and two-dimensional photographs will not work as hacker substitutes. There is strong initial buzz surrounding this system and other biometric technologies such as iris or fingerprint scanners. Apple released a print scanner with its latest iPhone, for example, and although it was quickly hacked, it represented a distinct step forward. IT professionals are weary of employees forgetting their passwords, losing tokens or choosing the dreaded “Password123.”
For midsize IT, the biggest benefit to biometrics is simplicity; users cannot leave their face at home. If all data stored on personal smartphones can be unlocked only with the same biometric protocol, the number of incidents resulting from lost and improperly locked phones should decrease sharply. If HoyosID or another biometric security solution does manage to prove its worth, IT professionals should consider how they can take advantage of this innovation.
The Cyber Citizen
In a recent CNNMoney interview, author Peter W. Singer discusses his latest book, “Cybersecurity and Cyberwar: What Everyone Needs to Know.” Singer argues that cybersecurity is the most important issue facing American businesses but that it is the least understood. President Obama called cybersecurity risks “the most serious economic and national security challenges of the 21st century,” but former CIA director Michael Hayden stated that “rarely has something been so important and so talked about with less and less clarity and less apparent understanding.” In other words, midsize companies know that they are facing a real threat, but they are not sure what the solution is. In many cases, C-suite members with no formal IT training must make far-reaching decisions. Singer notes that 70 percent of C-suite executives, even those with no technology background or training, have made cybersecurity decisions for their company.
Enter biometric security. While these technologies are inherently appealing because of their simplicity, the cost of implementation may seem daunting to executives. For midsize IT, this means a change in role from being the arbiters of security to investigators discovering whether new security measures can actually reduce complexity while still providing protection equal to or better than typical passwords. If mobile facial recognition and other technologies earn a passing grade, IT admins will have to educate both C-level executives and front-line employees, whom Singer calls “cyber citizens.” IT budgets have changed. Admins are no longer given dollars without strings attached; they must be able to show board members how security investments reduce loss or boost revenue. Prepared or not, executives are already making these kinds of decisions. IT professionals must face the reality of a new security landscape.