This Is How Fingerprint Biometrics Killed The Password - Ambiq

February 3, 2021

Ask anyone, and they’ll tell you it’s a pain to remember different passwords for different websites. Most Internet users recycle their passwords for multiple accounts, using on average a single password to access five accounts.

Today, many websites have special character requirements such as at least one uppercase letter and a special symbol for a password. Even though long and complex passwords are hard to crack, they are also hard to remember. People end up choosing shortcuts, like copying and pasting, allowing browsers to remember and auto-fill, and, most common of all, using the same complicated password for everything and everywhere. Ironically, the result is the same, with users still being vulnerable to cybercriminals and internet hacks.

More than ever, passwords are easy to break. In places where cybersecurity is especially critical, such as financial institutions, government organizations, and commercial enterprises, there is a pressing need for a better alternative to using passwords.

The Answer: Passwordless Authentication
Passwordless authentication is how we can eliminate the need to use passwords. With this authentication method, a user can log in to a computer system without entering (or remembering) a password. Instead of a password, the user provides secure proof of identity in the form of an accepted authentication factor. This factor could be something the user owns, such as their mobile phone, smart card, or security token. Or it could be something the user has inherently, such as their fingerprint, retinal scan, or face recognition. You might recognize this as biometrics. More precisely, it means using a specific biometric signature or another biometric identifier as a part of the two-factor authentication (2FA) login process.

The Rise of Biometric Authentication
The use of biometric authentication has exploded in recent years thanks to its reliability and convenience. Facial recognition is the most widely considered; it is also the most controversial. According to the National Institute of Standards and Technology (NIST), most of the facial recognition systems have “demographic differentials” that can worsen their accuracy based on a person’s age, gender, or race, in both false negative rates (rejecting a correct match) and false positive rates (matching to the wrong person). MIT and Microsoft published a report showing that gender classification algorithms had error rates of just 1% for white men, but almost 35% for dark-skinned women. The European Commission revealed in February that it’s considering a five-year ban on facial recognition in public areas to address Big Brother concerns over privacy and safety.

Countries with largely homogenous populations, such as China, have integrated biometric facial recognition as a part of everyday life. However, in countries with more diverse populations such as the United States, that approach is less effective. The top facial recognition systems still struggle to recognize people with darker skin—a problem with troublesome consequences. Also, facial recognition authentication isn’t implemented consistently, and implementations that don’t map the face in 3D can be potentially spoofed using the user’s photo.

Meanwhile, the other biometric, the fingerprint, seems to be relatively low risk with a few key advantages. Fingerprint matching is accurate over 99 percent of the time, compared to facial recognition’s higher false acceptance rate (FAR). More importantly, fingerprinting is unaffected by other factors, like a person’s skin tone. From its first adoption by NY State Prisons in 1903, to Apple’s inclusion of fingerprint scanners into smartphones in 2013, and today’s fingerprint biometric cards for payments and access, fingerprint authentication has been trusted by governments, enterprises, and individuals alike (think “notary”) for close to 120 years.

Fingerprints Are Killing The Password
For the reasons outlined above, fingerprint biometrics has been the driving force behind the passwordless authentication movement. In other words, fingerprints are killing the password. Behind this passwordless authentication movement is Feitian Technologies, a leading supplier of two-factor authentication and smart-card-based security products and solutions. Feitian offers digital authentication and identification solutions worldwide, paving a passwordless future with its cutting-edge products like the BioPass FIDO2 and the OTP Display Card. Powered by Apollo2 and Apollo3 Blue MCUs, these passwordless fingerprint biometric solutions have many practical use cases, such as:

Financial Security
Just about every international bank uses the SWIFT system to quickly and securely send and receive information, such as money transfer instructions. SWIFT uses 2FA, but it only supports the authenticator mobile app. Some banks may not allow their employees to use their mobile phones, while some employees may not want to use their personal phones for work. Feitian’s one-time password (OTP) tokens and OTP cards enable users to log into SWIFT service without using their phones. An OTP only works for one login session or transaction, meaning potential intruders cannot abuse an OTP because it will no longer be valid.

Government Security
Government organizations typically deal with sensitive information that needs to remain private. However, many organizations are still using old-fashioned passwords that can be easily hacked. Thankfully, biometric solutions have enabled both a more secure and convenient passwordless experience.

In particular, Feitian’s first FIDO2 biometric solution has eliminated passwords, strengthened security, and streamlined authentication. The BioPass FIDO2 offers fingerprint recognition, one of the most secure tokens. Even losing the key poses no security risks, as the finder’s fingerprints will not match yours.

Enterprise Security
The typical commercial enterprise operates with hundreds of employees and terabytes of data. However, traditional security solutions such as PINs and passwords are not as secure as biometric verification. A PIN or password can be easily stolen and reused without anyone being the wiser, while a fingerprint cannot.

Feitian BioPass FIDO2 Security Key ensures authentication security. Whether you’re in the office, on a business trip, or at your home office, all you have to do is plug in our security key and touch the fingerprint sensor. Your fingerprint is verified with a single touch.

As slim as 300µm in a CSP package with a backside coating to prevent light interference, Apollo Thin MCU also seamlessly enables Feitian’s OTP Token with a lifespan up to five years, and the latest iePass FIDO Security Key to provide passwordless login for Hybrid Microsoft Azure Active Directory (Azure AD). With Ambiq’s ultra-low power technology and secured software solutions, Feitian biometric solutions can keep all personal data, verification, authentication, and storage on the devices for optimal protection.

Payment Security
The rise of online shopping has also led to an increase in card-not-present (CNP) transactions. On the one hand, it’s convenient, as the cardholder doesn’t physically present the card for a merchant’s visual examination at the time of payment. On the other hand, CNP transactions are a significant source of credit card fraud, since it’s difficult for a merchant to verify that the actual cardholder is the one making a purchase. With Feitian’s OTP Display Card, users can securely access their bank accounts and payment systems.

Ambiq’s Apollo3 Thin MCU enabled the fingerprint verification process on Feitian’s biometric payment card, which became the first card in the world to achieve certification by UnionPay. Apollo3 Thin, built on the patented Subthreshold Power Optimized Technology (SPOT™) platform, with 1MB of flash and 10 µA/MHz efficiency, securely stores the reference data in the card and quickly activates the fingerprint verification when the card is in use. The entire operation is run by drawing power from the POS (point-of-sale) machine’s magnetic induction. With the lowest active power consumption, the transaction can happen at a farther distance than other solutions. Feitian’s biometric card solution has also been selected as an excellent innovation design for Beijing Winter Olympics 2022.

Healthcare Security
Modern healthcare organizations can provide state-of-the-art care to their patients. Unfortunately, many nurses and doctors spend too much time on administrative tasks, like collecting medical records and completing paperwork. They are stuck at their workstations when they could be treating patients. Feitian’s smartcards and smartcard readers help healthcare organizations access their data on both smartphone devices and PC workstations. Healthcare providers can streamline their processes, resulting in increased productivity, better performance, and higher staff morale.

In the wake of the COVID-19 outbreak, governments and enterprises worldwide are looking for viable and reliable ways to help implement contact tracing and social distancing to reopen society and return to work safely. Feitian’s biometric solutions, powered by Ambiq’s Apollo2 and Apollo3 Thin MCUs, have proven to be the most convenient and secure option.

For more information on biometric smart cards, sign up and download The Future of Biometric Smart Cards White Paper.

Article written by Charlene Wan
