Frequent readers of this blog will know that I tend to follow trends in authentication and that I am interested in making good-quality authentication commonplace. Recently three topics in authentication caught my attention, and I’d like to share them with you.
Fujitsu’s PalmEntryXS
First, Fujitsu announced PalmEntryXS a new addition to its PalmSecure line. The reason palm vein scanning is so interesting to me is detailed in the press release. Basically, a vein pattern is unique, hard to replicate, and hard to copy (you don’t leave your vein patterns on drinking glasses, for instance). The low rates of false acceptance (accepting Bob when Alice presents her hand) and false rejection (rejecting Alice when she presents her hand), along with the attributes I just mentioned make this technology attractive. As prices decline – individual scanners can now be had for around USD200 – these devices are more and more attractive. Because touch is not required, the technology can be used in areas with infectious diseases or hazardous chemicals.
The LastPass Password Tool
Second, the LastPass password keeping tool can now use the fingerprint scanner on the Galaxy S5 smartphone for access. That is, rather than have separate passwords for the phone and the LastPass tool, a user can now use her fingerprint for both. The more we can use biometric authentication in situations such as this, the safer I think we’ll be. Biometrics don’t allow shoulder surfing and they don’t allow guessing. Hopefully technology will evolve enough that technologies such as palm vein scanning will be available in smartphones in the not-too-distant future.
Two-Step Authentication
A third story I read this week involves two-step authentication. That’s where a user provides (generally ) a password and then a number the she retrieves from a smartphone or a standalone device. I use this on some websites. I enter my password and then a number from an app on my phone. The app displays different numbers for different sites, and each is good for maybe thirty seconds. An article in Lifehacker yesterday (as I write this) describes Authy, a Chrome app for the desktop that displays the numbers, so one doesn’t have to rely on a charged phone. (I confess, I sometimes forget to charge mine.)
We talk about biometrics and two-step authentication in Learning Tree Course 468, System and Network Security Introduction, if you want to learn more about it. In the mean time, let us know what you like and dislike about biometrics and two-step authentication in the comments below.
To your safe computing,
John McDermott
