With the surge in high-profile data breaches recently, are user names and passwords the best way to ensure that the people logging into corporate networks are who they say they are?
ImageWare Systems is betting that businesses want better authentication — particularly for remote access from smartphones, tablets and laptops.
The San Diego company has introduced a technology platform that enables users to meld biometrics into the traditional user name/password process for signing into a corporate network.
Instead of just logging into your system with a password, the new platform, called GoVerifyID, would prompt users to also take a selfie or speak a predetermined phrase into their smartphone microphone, or both.
“The hackers have found a way to impersonate you and me,” said Jim Miller, chief executive of ImageWare. “If I hack your password, and I am remotely accessing your company’s network, as far as they know, I am you with the way security is conducted today.”
To date, biometric authentication has been a niche technology, used primarily in government. It sometimes required special hardware such as infrared cameras for iris scanning.
Now ImageWare thinks that it can tap the cameras, microphones and other sensors on smartphones to tailor biometric technology to a wider audience.
GoVerifyID works like this: Once authorized by their employers, workers download the GoVerifyID app to their smartphones.
When they log into their corporate network, they get a message via the app that asks if they are indeed signing in.
If they answer no, access is denied. If they answer yes, the app requests the selfie or spoken phrase.
The information is sent to ImageWare’s biometric database, which is specifically built for high-speed matching of biometric data. The cloud-based system lets customers run their own facial recognition or voice recognition algorithms quickly, Miller said.
ImageWare charges a monthly subscription to customers, reducing the cost of using biometrics. As smartphones add more sensors, the company’s database is capable of handling fingerprint data, retina scans and other biometric information, Miller said.
Citing research from IBM, Miller said 77% of businesses reported a data breach last year. Their average cost was $3.8 million.
Some of the headline-grabbing cyberattacks, such as the Target breach, led to top executives getting fired.
“The enterprise is getting absolutely trashed,” Miller said. “People are trying to hack into these companies daily. So there is a pressing need, and when your C-suite starts to lose jobs, you tend to give a little more attention to the issue.”
For corporate security officers, credential protection is a major concern as employees, contractors and suppliers tap into networks remotely using mobile devices, said Jeromie Jackson, director of security and analytics at Nth Generation Computing, a technology consulting firm.
But biometric technology hasn’t been a popular authentication technique, in part because it has been viewed as costly and intrusive compared with alternatives.
“Most people are opposed to sticking their eyeball up to a scanner,” Jackson said. “While [biometrics] can be high-quality authenticators, I would say adoption rates tend to be pretty low except in top-secret environments.”
ImageWare has several government and corporate customers, including the U.S. Veterans Administration and the Canadian Air Transport Security Authority.
But the 70-employee company isn’t profitable. It reported a $7.8-million loss so far this year on $2.9 million in revenue.
Miller believes that the use of biometric data for authentication can grow as costs fall and cyberthreats rise.
“What we have done is take our unique experience in government over the last 20 years, and we are leveraging that into the commercial and consumer space,” he said.