Access keys and biometrics have long been considered the new frontier of cybersecurity, with many organizations requiring their employees to use them. These two technologies alone have gone a long way toward organizational security, protecting organizations from data breaches and cyberattacks and thereby creating a more secure environment for businesses.
Like all technology, passwords and biometrics will soon be obsolete, due to the constant evolution of technologies and of malicious actors who always find a way to exploit their vulnerabilities. Here’s a quick look at the implications of passwords and biometrics in office spaces, the potential vulnerabilities they pose, and their impact on user privacy.
The good and the bad: navigating the perils
Shiva Nathan, founder and CEO of Onymos, envisions a future where alternative authentication mechanisms, particularly biometrics, gain dominance. Highlighting the use of access keys and biometrics, he states that “more websites and apps will offer alternative authentication mechanisms to passwords, many of which will involve biometrics. The two major platform players – Apple and Google – will increase adoption of passwords/FIDO.”
The State of Phishing Report 2022 by SlashNext highlights a harsh reality: 76% of attacks focused on credential harvesting, underscoring the ongoing security threat. Access keys and biometrics, while formidable, face challenges in an era where technological advancements are met with equally sophisticated threats.
Multi-Factor Authentication (MFA) appears to be a crucial defense mechanism, prompting users to diversify their passwords and adopt routine changes. However, as nice as it sounds, hackers have their methods to bypass MFA, among them social engineering and access to the dark web. Through social engineering, hackers can gain access to online accounts and the technologies associated with them.
Furthermore, the dark web has played a crucial role in this ordeal: sellers advertise “access” to users, through which interested parties can purchase corporate account login credentials for less than $100.
Password Dilemma: A Breach Waiting to Happen
Although biometrics are still considered a more secure option, the use of passwords and access keys is often associated with data breaches. According to reports, the most extensive password harvesting to date recently surfaced on a popular hacker forum, shared by a user in a colossal 100 GB TXT file comprising 8.4 billion passwords.
Biometric systems, often considered a more secure alternative, take a precarious path to ensuring user privacy. Earlier this year, the Federal Trade Commission warned users against misusing biometric information. Samuel Levine, director of the FTC’s Bureau of Consumer Protection, noted the growing sophistication and prevalence of biometric surveillance, which presents new challenges to privacy and civil rights.
At the heart of this research, the FTC established several key points relating to the continued abuse of biometric authentication. These points include:
- Neglecting the assessment of potential consumer harm before collecting biometric data.
- Delaying action in the face of known or foreseeable risks and not implementing tools to mitigate them.
- Engaging in clandestine or unanticipated collection and use of biometric information.
- Neglecting the assessment of third-party practices and capabilities related to access to biometric data.
- Inadequate training for employees and contractors handling biometric information.
- Failing to monitor and ensure the proper functioning of biometric technologies to avoid harm to consumers.
The use of passwords and biometrics: legal perspectives
Biometric data protection lacks global specificity, with most legal provisions relying on broader personal data protection legislation. The General Data Protection Regulation (GDPR) in European Member States is a notable exception, providing a comprehensive framework for the protection of biometric data. The GDPR’s impact extends to 28 countries, including the UK.
Despite the lack of an overarching federal law in the United States, states including Illinois, Texas, California, New York, and Virginia have passed biometric privacy laws. The legal framework for biometric data protection in the United States is evolving rapidly, with emphasis on issues such as consent, data breach notification and sanctions for non-compliance in the event of data breaches and cyberattacks.
In India, the Supreme Court has recognized privacy as a fundamental right, influencing the regulation of biometric data, notably in the context of the Aadhaar identification program. China, following a unique approach, balances consumer privacy and state surveillance through laws such as the Cyber Security Law and the Personal Information Protection Act (PIPL).
Despite ongoing challenges and developments, there is a growing global consensus on the importance of privacy. Many countries, from Europe to Brazil, India, China and Africa, have adopted or updated their privacy laws, highlighting the need for rigorous accountability and imposing significant fines for inadequate data protection.
As the cyber security story unfolds, a global consensus on privacy gains momentum. From GDPR’s impact on personal and biometric data protection to the enactment of strict privacy laws across continents, the call for robust accountability resonates. In this dynamic dance between innovation and security, organizations must remain vigilant, adapting to new threats while respecting the sanctity of user data.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only and users take full responsibility for their reliance on it. The Cyber Express assumes no responsibility for the accuracy or consequences of the use of this information.