Keeping Cloud Biometrics Secure
After the biometric hack at the US Office of Personnel Management in 2015, the viability of cloud-based biometrics was thrown into question. The reasoning went that if the US government could not keep cloud-based biometrics of individuals with high security clearance secure, then biometrics stored on device would be the safer option.
This isn’t exactly the case. Many security mistakes were made with the OPM’s biometric storage choices.* One of the biggest mistakes, not mentioned in the article, is that OPM actually stored the individual biometrics rather than the biometric templates. Biometric templates are the mathematical representations of the biometric; there is no way to utilize the mathematical representation as the actual biometric credential. With proper templating and adherence to best-practice security standards, cloud biometrics can be as secure as device-based biometrics.
Benefits of Cloud-Based Biometrics
Why would a company choose cloud-based biometrics over device-based biometrics? There are many advantages to cloud-based biometrics: seamless cross-device authentication, secure new device enrollment, consistent user experience, and safe authentication over extended periods of time.
Asignio allows users to perform an authentication on any device with a touchscreen and camera. Users can utilize the same signature whether using a tablet, smartphone, or laptop. This is a major benefit for user experience as the user can authenticate with any device and isn’t tied down to whichever device the biometric would be stored on.
Cloud-based biometrics are also registered once upfront, meaning the user does not have to create new biometric registrations with every new device. If the user wants to use Asignio on a desktop (without a touchscreen), that authentication can easily be vectored to any of their touchscreen devices with either an email or a text message. This is especially useful when users need to register a trusted new device.
New device enrollment
Every time a user gets a new phone or tablet, the first required step is often biometric enrollment and credentialing to enable safe device access. However, this process takes time, can be tedious, and doesn’t actually guarantee the identity of the user adding a new device to their account. In most current implementations with on-device biometrics, there is no way to biometrically verify if the person adding a new device is the account owner.
Cross-device biometrics enable user verification, seamlessly proving that the person holding the new device is in fact the user who owned the last device and is upgrading or adding a new device to their account. With the Asignio system, the user only needs to register once, taking the pain out of having to register a new biometric with each app (the current method used in compliance with FIDO) when they get a new device.
Consistent user experience
Another major benefit to Asignio’s cloud-based biometrics approach is that the customer always has a consistent user experience. If authenticating from a desktop (a device without a touchscreen), they will be routed to a touch-enabled device (via either SMS or email) where they can then authenticate with registered biometrics. No matter when or where the customer needs to authenticate, Asignio enables a consistent, well-understood process every time.
With current popular login methods, users are often forced to use different authentication methods between devices and accounts: sometimes they use passwords, sometimes a facial recognition session is required, and sometimes a text message is sent with one-time passcodes (SMS OTPs). Inconsistent and irritating authentication experiences lead to a negative user experience at the beginning of the customer interaction; enabling consistent and seamless authentication leads to positive customer experiences and safer interactions.
Authentication over extended periods of time
Because the biometric is cloud-based, Asignio is uniquely situated to authenticate a user after a significant period of time. With device-based biometrics, there is no guarantee that the customer will have the same device months or years after the initial registration. The registered biometric could have become obsolete and the user would be forced to rely on a backup authentication method (typically, a username and password). This is a significant security gap that could be easily exploited by fraudsters.
With the protection of Asignio biometrics, the customer can authenticate with their Asignio biometric even if they have changed devices multiple times. Time- and fraud-resilient biometrics, designed to be usable even after extended periods of time without re-authentication, enable a secure method of identifying the user no matter the circumstance, without reliance on less secure authentication methods.
Cloud-based biometrics provide unique security advantages and protections over device-based alternatives. The Asignio biometric enables secure cross-device authentication, new-device enrollment, consistent UX, and authentication over extended periods of time. Properly stored and secured cloud-based biometrics, then, can be the perfect solution for digital-first banking operations, balancing unparalleled security with seamless user experience.
Contact Calvin Rutherford at firstname.lastname@example.org for more information