Learn the problem with facial recognition and software and hardware alternatives to the technology.
The recent shift to remote working has created a major dilemma for IT departments responsible for security. With work computers and users now scattered all over the country, problems arise that simply did not exist when workers were mostly confined to a centralized office.
At the heart of this problem is the need for cross-device authentication that provides adequate security, but is also non-intrusive and easy for users to use on a regular basis.
Many companies have considered facial recognition technology to authenticate users and access. But recent trends show that facial recognition is falling out of favor with many employees.
TO SEE: Ethical Policy for Artificial Intelligence (Tech Republic Premium)
We’ll take a look at why businesses are concerned about facial recognition, as well as some alternatives that are both safe and friendly to employee concerns.
The Face Recognition Problem
Facial recognition started out as a seemingly excellent way to gain authentic user access to sensitive data. It required little effort from the users and was considered safe for the most part.
More recently, workers find facial recognition intrusive. With concerns about how such highly private biometrics are both stored and shared, this has left employees wondering if the tradeoffs are right for them.
There are also concerns about reliability. When users are wrongly locked out, they often have no way of resolving the situation on their own through various reset methods. This puts a burden on IT departments that now have to deal with these issues.
Face Recognition Alternatives
The most common alternative to facial recognition is two-factor authentication using an app like Authy or Google Authenticator. This approach eliminates the need for biometrics, as the only forms of authentication required are a password and a token provided by the 2FA app.
Many 2FA options can be combined with single sign-on technology to make it much easier for users as they move across different access points within a network.
Software solutions such as Duo from Cisco can be used so that users only need to authenticate once when switching between platforms or even devices. Duo integrates SSO and 2FA to streamline authentication, and many companies such as Etsy, Eventbrite, and more are currently implementing this technology.
This approach can also be more secure than the single authentication method that facial recognition provides. Another benefit is that users have some control over recovering their own passwords or authenticator apps should there be a problem. This can reduce the burden on IT departments that would otherwise have to perform these tasks.
For greater security and flexibility, multi-factor authentication solutions are also an alternative to facial recognition. MFA software solutions such as Okta allow custom policies to be created so that users can choose two or more authentication methods from among several. This allows for varied authentication methods that also include biometrics such as facial recognition if desired.
For some companies that have already implemented facial recognition or have compliance requirements that include facial recognition, this approach allows them to still meet those requirements while giving other users less strict access.
In general, MFA solutions enable custom authentication options that fit almost any situation while remaining incredibly secure.
Hardware Alternatives to Authentication
Hardware authentication can provide the speed and ease of use of facial recognition, but without the privacy concerns surrounding biometric data storage.
A device such as a YubiKey provides one-touch authentication across devices and platforms without the need for the user to enter tokens, such as with Authy or Google Authenticator. However, YubiKey does offer the ability to enter tokens or one-time passcodes so it can still be compatible with most older systems.
YubiKey also uses the FIDO 2 protocol, which enables completely passwordless logins using public key cryptography. This gives it the same user freedom as facial recognition that doesn’t require a password to be remembered, but in a less intrusive way.
The downside here is that it requires the small physical YubiKey itself. However, users can have backup or backup YubiKeys that can be easily retrieved or activated on their own without the intervention of IT personnel.
Again, this allows users to often fix their own issues, similar to a password reset, something that facial recognition often lacks.
Other biometric options
Sometimes biometric authentication is still preferred or even required to comply with certain policies or vendors. This has led some companies to look for alternatives that are less invasive than facial recognition.
One of these start-ups is called Typing DNA. While still a very new technology, it seems to use users’ individual typing patterns to perform continuous authentication.
The company calls this technology “typing biometrics” and detects micro-patterns in how users type. This software only looks at the pattern of typing and the software does not actually read or check what is being typed. These micro-patterns then form a biometric fingerprint for that user. If the patterns change, the system will be locked until several authentication methods are met.
The continuous authentication aspect of this kind of biometric system is what sets it apart. Most authentication options are one-time events. Devices left unattended can still be targeted. Typing DNA addresses used by different users to distinguish access to a device and then lock them out.
It’s an interesting concept and shows that other less intrusive biometric authentication is possible with a little creativity, and some of these can supplant things like facial or fingerprint biometrics for some applications.
