Category Archives: biometrics

Biometrics is becoming more and more common in the security of controlled access.

Multi-factor authentication and biometric security

"Using multi-factor authentication and/or biometric authentication should help secure systems," explains Jean-Christophe Vitu of cyber security firm CyberArk.

This position is particularly in line with this great dynamic that wants to find the best way to preserve the computer security of users of digital services both on the web or on an isolated computer system.

This article will also interest you: Can we trust the biometric security system of smartphones?

During October, which can now be considered International Computer Security Month, several public and private institutions took the opportunity to raise awareness of computer vulnerabilities and best practices to prevent computer attacks. In this context, the French independent authority for the security of information systems, ANSSI (NATIONAL AGENCY OF THE SECURITY OF INFORMATION SYSTEMS) has initiated a program called "Cybermoi/s" whose target were the citizens.

The main purpose of this initiative was to emphasize the importance of everyone in the fight against cybercrime and of course the roles to be played in maintaining optimal online security. "French digital security actors are launching a new call to action for French citizens to actively and effectively secure their digital lives, both in the personal and professional spheres. described the French Agency for the Security of Information Systems

It has also placed more emphasis on the system authentication. at this level, multi-factor authentication has been presented as an issue essential. It is generally realized that it is easy for computers to collect personal information about Internet users who have less suspicious or even naïve practices when using the Internet. As a result, users' attention should be drawn to ensure that be more responsible and really realize the threat that lies ahead on a daily basis when it connects to the web. This responsibility will therefore consist for its users to learn to be trained.

among Measures to which internet users today, there are multi-factor authentication. as we know, the notion implies it, it doesn't take a simple password to protect its terminals and online accounts (e-mail, bank accounts, online public services, social networks..). According to Frank Abagnale Junior, a former forger converted into a security consultant to the Federal Police "passwords should no longer exist." In an interview for the British media Information Age, he explained in July "I can't believe the passwords were developed 1964, when I was 16, and today, at 71, we use passwords as a protocol to enter the security systems security. I don't understand why the passwords are still there so that we know that they are the main cause of all of our problems. ».

However, it can be observed that it is not at all possible to do without passwords today. indeed the fashions authentications have multiplied from year to year. With it, the system biometric security or the implementation of authentication multi-factor authentication (MFA), it can be said that we are on the road to improving security conditions for Internet access or at our terminals. And passwords are a key tool in this strategy. Indeed, multi-factor authentication requires two elements to confirm the identity of the user. In the majority of cases, the password is used as one of two means of identification. dual authentication Classic factor is used more generally with the User's password and A message received by SMS or email containing a confirmation code Identity. Its strength will lie in the fact that even if the hacker gets to get around the first way, the password, it certainly will not be able to get around the second, with a few nuances. According to a study conducted by Microsoft, dual-factor authentication can reduce 99% the risk of compromise of terminals or user accounts.

However, this security measure is not of course infallible. Indeed, cyber offenders and criminals continue to look for blind spots to prevent this protection measure. it is therefore for this reason that biometric security technologies are involved, which must help to close the gaps in the former.

Now access an unlimited number of passwords:

Check out our hacking software

Google introduces a system to connect websites with biometric data

Google has announced that it is beginning to deploy technology that will allow access to the internet without using a password.

Using an Android phone. The American giant says that instead of using a password, users will be able to log in using their fingerprint or encrypted code.

This article may also be of interest to you: Passwords vs. Biometric Security

This deployment will be phased in and will take place limit currently to the website, who manages the passwords of the firm.

For now, the first devices that support this connection method are Google's "Pixel" mobiles.

The firm's objective is to extend this mode of connection to other services in the group, as well as to more recent models of Android mobile.

It is known that the fingerprint authentication system has been around for a long time, especially on Android mobiles, however it is essentially used for locking and unlocking the mobile and even approving a purchase on google's store.

This innovation of using the biometric data that is fingerprints for authentication on the company's browser services will boost things. One wonders what the next step will be. Already around the beginning of March of this year, it was said that the American giant was implementing a dedicated FIDO certificate, a web standard that will be necessary to enable the American firm to realize its project of internet connection through the use of fingerprints and these famous security keys through the Android operating system.

This is exactly the standard Google uses with the "W3C WebAuthn" and "FIDO CTAP" standard that the firm uses to increase the level of security of the services it currently offers.

It should be noted that these Computer Standards have been put in place to facilitate the operation of certain programs such as "AZERTY123".

Google's initiative is simply to the image of the current trend. It is part of a logic to entrust less and less our security with the classic password that no longer arrives to ensure the protection of users. As we mentioned in our previous articles, passwords lose their values biometric data look that seems to offer more protection. even if we are not fully able to determine the distant range of this reality, it will not be denied that the use of fingerprints is more to retain an uncomfortable syntax in memory.

The result will be to see today that more and more more IT services are turning to a trend of biometric security, dual-factor control, security physics, etc. With the recent web standards, it would be possible, in particular, to have access to websites using our biometric references or high-security physical keys scale, if today this is limited to Google.

The FIDO2 standard is particularly attractive in terms of the local way of storing fingerprints. So your biometric data doesn't come out of your mobile, and only the verification signal is transmitted through the internet.

Now access an unlimited number of passwords:

Check out our hacking software