• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Biometric Hacking Will Demonstrate the Importance of MFA in 2019

March 28, 2019 By The Editor

Smartphone biometric login

From fingerprint readers to Apple’s Face ID, there’s been a steady move toward biometric login methods for smartphones and applications over the last several years. But these authentication methods have their own set of weaknesses, which often create a false sense of security in users. WatchGuard CTO Corey Nachreiner’s latest guest column in SC Magazine argues that hackers will take advantage of this false sense of security and target biometric login methods more heavily in 2019.

Password security overall is quite poor, since it’s difficult for humans to remember long, complex strings of characters for each of their dozens of online accounts. Using a fingerprint or a face scan to unlock a phone or log into an application is more convenient and secure than using weak passwords, or passwords that have been reused across multiple sites. However, biometrics can be hacked too. Here’s an excerpt from Corey’s article with some examples:

“Back in 2002, a Japanese security researcher was able to achieve 80 percent success fooling biometric authentication using melted gummy candies to replicate lifted fingerprints. While fingerprint reader technology has improved over the last 15 years, it isn’t without fault. Just last year, researchers from New York University and Michigan State University used machine learning to create a fingerprint “master key” with reasonable success in a simulated environment. Attackers might not even need to use AI to generate valid fingerprints. In 2015, foreign hackers breached the United Stated Office of Personnel Management (OPM) and made off with troves of data, including 5.6 million sets of fingerprints from US intelligence agents and other government employees.”

 A better solution is to pair biometric login methods with a strong password or another authentication method – in other words, to use multi-factor authentication (MFA). This mean attackers can’t breach an account if they guess or steal one factor. MFA used to be impractical for smaller organizations because they usually relied on expensive, hard-to-manage hardware tokens, but cloud-based, smartphone-enabled MFA is now making this technology accessible to organization of all sizes.

Read the full article on SC Magazine and check out WatchGuard’s 2019 predictions about biometrics. You can also watch our post-apocalyptic predictions video and see all of WatchGuard’s 2019 predictions here.

Share This:

Related

Filed Under: Editorial Articles, Featured

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • An Update on Section 230

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • 3CX Supply Chain Attack
  • The NSA’s Guidance on Securing Authentication
  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use