The news today is full of reports of large-scale data breaches and cyberattacks. With these trends on the rise globally, many of which including top private companies and U.S. government agencies, it is more critical than ever to protect our nation’s sensitive assets and cybersecurity infrastructure from attack.
In May 2021, United States President Joe Biden signed the “Executive Order on Improving the Nation’s Cybersecurity,” detailing the actions the U.S. federal government must take to improve the nation’s detection, mitigation and remediation of cyberthreats. A key component of this order was the need for enhanced authentication practices within the federal government, and the required adoption of multi-factor authentication for digital and physical access control.
With that mandate handed down, let’s look at the authentication practices currently used within the U.S. federal government, and what role biometrics can play in improving them.
What Authentication Solutions are Currently in Use?
When it comes to access control for both physical locations and digital assets, the federal government has long relied on smart cards, such as Personal Identity Verification (PIV) and Common Access Cards (CAC). So long as an authorized individual maintains physical possession of the card, that person can then use it to access files at a secure terminal or enter secure facilities. Should a card become lost or unavailable, however, the federal government permits continued access with a username and password in many cases until the card is located or replaced.
The process by which a card is issued or replaced, however, is an in-person one, requiring all necessary parties to be physically present. When the COVID-19 pandemic struck in early 2020, this in-person requirement became a challenge for access control procedures, preventing new cards from being issued, and existing cards from being replaced. As a result, many authorized individuals who did not have a smart card available were permitted access with their username and password only.
Unfortunately, passwords have proven themselves to be increasingly unreliable as an authentication method. They can be stolen or guessed at by malicious parties, and hackers are getting better at uncovering or bypassing them altogether. Simply put, relying on passwords alone to protect federal assets is growing riskier by the day, and the mandate for enhanced multi-factor authentication in the Biden executive order is a sound one. But now that we’ve established the need for improved authentication, how do we go about making it a reality?
The Benefits of Biometrics
Biometrics are an inherently more secure authentication method than passwords because they use something you are (your face and voice, for example) instead of something you know or have, like a password or access card. Modern-day biometrics are fast, mobile and frictionless, using the cameras and microphones in today’s mobile devices to perform highly secure face and voice matching. Biometrics can be integrated into the access control workflow too, serving as a means of authentication in addition to smart cards, or providing a far superior authentication method on their own should a card be unavailable.
There are other considerations to make when looking at biometric solutions:
Biometric matching makes authentication more convenient and secure, but the addition of liveness detection is essential for biometric applications where security is paramount and fraud is a risk. Many of today’s biometric solutions feature liveness detection, ensuring that the user is a living person, and not a would-be impostor with a mask, photo or video designed to trick the system.
Smart cards are already an easy access method for most government use cases, but additional authentication solutions must be convenient and easy to use as well. Modern biometric solutions are designed from the ground up to be convenient, using the cameras and microphones already found in today’s mobile devices and smartphones to provide quick and frictionless face and voice recognition, and a fast and intuitive process for users.
Modern biometrics are mobile, allowing administrators to register new smart card users remotely instead of in person without a decrease in security. Many of today’s biometric solutions have flexible configurations as well, allowing for easy biometric authentication regardless of network availability or physical location.
Addressing U.S. Cybersecurity Concerns Through Biometrics
Now that Biden’s executive order is official, U.S. federal agencies must address the need for enhanced authentication methods that remove their reliance on fraud-prone passwords. When deciding on the best authentication method, learning about the benefits of today’s mobile biometric solutions is a great place to start.
If you want to learn more about Knomi, Aware’s mobile biometric authentication platform, please contact us or visit our webpage.