Inside John F. Kennedy International Airport in New York, an iris recognition system from Iridian Technologies controls employees access to the tarmac at international arrivals. To proceed through the door that leads to the tarmac at Terminal 4, an employees ID card must match a live scan of his iris. If a card is presented but the iris does not match the record, the door will not open. Thus stolen identification cards and compromised keypad access codes cant pose a significant threat to the terminals security.
Biometrics, the science of identifying a person by unique body features, has emerged as a popular method of identification and authentication. Instead of trying to remember passwords, more and more people are relying on their irises or fingers to initiate electronic transactions, gain access to secure applications, and enter certain buildings.
Airports, government agencies, and other organizations that demand high security are gradually installing James Bond–esque systems that scan a persons iris to verify identity. And the 2001 Super Bowl saw some of the first widespread use of facial recognition. Cameras scanned the crowd to match faces against a database of mug shots.
"Biometric technology will become common in the financial community in the very near future, and soon the health care system will start adopting it to satisfy regulatory requirements for secure information," says Julia Webb, vice president of Bioscrypt, the fingerprint recognition company American Express uses to secure its New York headquarters.
Fingerprint recognition is currently the most popular approach, because it is the least expensive and easiest to implement. As a result, many businesses are getting their feet wet with fingerprint recognition to enhance security, reduce support costs, and increase productivity.
The Bankers Bank, a correspondent bank serving financial institutions throughout Oklahoma, was growing concerned that its high-security password system for electronic fund transfers was too cumbersome. Although the company hadnt experienced a security breach, the volume of ever-changing passwords was becoming a burden. So The Bankers Bank helped install DigitalPersonas U.are.U Pro fingerprint recognition technology at 100 of its customer banks. The cost: roughly $150 per workstation.
"Regulators are requiring higher security. We spend lots of money on 128-bit encryption and firewalls, but those dont matter much if people write down their passwords or shout them across the office," says Troy Appling, vice president of The Bankers Bank. "With fingerprint biometrics, we can reduce the risk of unauthorized people making millions of dollars off fraudulent transfers. And we dont have to spend up to 60 percent of our IT time resolving lost or forgotten passwords."
Now, when a bank with U.are.U Pro needs to initiate a transaction, a user places his finger on the scanner and the software authorizes him to use the funds-transfer system. Appling says some banks are so pleased that they want to use biometrics for all their internal systems.
Even the fingerprint recognition companies admit that the technology is not perfect. Hackers have demonstrated how they can quickly and cheaply make molds of legitimate fingerprints to fool scanners. And some systems have had problems authenticating users because of cuts on their fingers. But the technology is getting better, as more powerful computer systems can now churn through new, highly complex algorithms.
Fingerprint recognition alone isnt enough security for everyone. Many companies are adopting a combination of smart cards and fingerprint recognition. In this scenario, a smart card contains a digital description of your fingerprint. You wave the smart card in front of a reader, which accepts the fingerprint information. Then you place your finger on the scanner, and the system verifies that the two match.
As biometric security continues to gain a foothold in corporate America, passwords may be thing of the past.