Podcast: Biometrics & Data Security with Dan Jaeger
Dan Jaeger has worked for Kensington for nearly 25 years and is currently the Director of Enterprise Sales for North America. Kensington, a computer peripheral and accessory company founded in 1981, produces everything from docking stations and webcams to biometric security solutions.
Authenticating the Person
We’re at the point today where we’re about authenticating the person … not only the device.
The main takeaway from our conversation with Dan is that the future of digital security will be heavily focused on tools that can guarantee that the person accessing a system is who they say they are. Before we dig into the details of what that means, here are some of the most common tools being used to secure devices and systems today:
Passwords: String of characters that, in an ideal world, only the authorized person(s) accessing a system would know.
Key, Token, Tap-and-Go: Physical device that gives a person access by performing a task, e.g. swiping a key card or tapping a sensor.
SMS/Magic Links: Unique access codes sent to users via their mobile device or through verified email addresses.
Biometrics: Sensors that scan some physical trait unique to the user (retina, fingerprint, facial features) and provide access upon confirmation.
Before the COVID-19 pandemic, it was much easier for IT teams to know who was accessing company systems and data. Most of the workforce was on-site, entering the office via keycards and using company workstations.
Post-COVID, security has become a lot trickier to manage. Now that more people are accessing sensitive company data from home, IT teams have had to figure out short-term solutions while they build out more long-term, sustainable security protocols.
For an example of what doesn’t work, Dan shared a story from the height of the pandemic in which one organization sent out 16-character passwords to employees every 8 hours. They knew that wouldn’t be sustainable long term, and Dan’s team at Kensington worked with them to design more scalable security protocols.
The Problem with Passwords
For as much as we rely on them, passwords are extremely vulnerable to the most common types of cyber attacks. They’re also very difficult to manage. Strong passwords need to be complex, and ideally we should be using unique passwords for each website/account we access. However, most people use passwords that they can easily remember and use the same password across multiple accounts. If passwords are the problem, why do we still rely on them? Well, according to Dan, we’re used to them. Passwords have been a part of both our analog and digital lives for decades – and they’re not going away.
Even with a strong password, it’s still possible for malicious actors to steal it through sophisticated phishing attacks or with tools like key loggers. And that leads to the biggest flaw with passwords: many systems don’t care who is entering the password, only that the password itself is correct.
This flaw has been mitigated in recent years with multi-factor authentication becoming more common. Multi-factor authentication adds another layer of security on top of the password, sending the user a unique code or link to their phone number or email address.
Despite their flaws, passwords will continue to be a part of our digital security toolset. Dan offered this advice to make sure that your passwords are as safe and effective as possible:
Use a password manager to create and save unique, complex passwords for each system or account.
Secure your password manager with a more sophisticated tool, like biometrics.
The most reliable security tools use authentication methods that are unique to the person who is trying to access a system. It turns out that biological traits like facial structures, retinas, and fingerprints are both unique to the user and pretty much impossible for an unauthorized third party to replicate.
Biometric technologies have come a long way in a relatively short amount of time. Features like Face ID and fingerprint sensors come stock on many smartphones, tablets, and computers. And Kensington offers solutions like its VeriMark™ Desktop Fingerprint Key that allow users to add biometric authentication to all of their devices with a portable dongle. Dan noted that despite their portable nature, these devices do not actually store a user's biometric data. If a dongle gets lost or stolen, it can't be used to access accounts without the owner's fingerprint. And no fingerprint information is stored on the device itself. More and more schools and corporations are turning to solutions like these to shore up security protocols while adding the flexibility needed for remote working/learning.
The Cost of Security
It's no surprise that cyber attacks can cost organizations millions of dollars a year. And this doesn't only apply to companies–schools have increasingly become a target for hackers looking to steal large amounts of sensitive data. According to the State of Cybersecurity: 2020 Year in Review, between 2016 and 2020, the median amount stolen through phishing attacks on schools was $2 million. And the single largest phishing attack in history resulted in a loss of $9.8 million from a single district. The impact on a school district can be devastating. As cyber attacks become more prevalent and more sophisticated, having robust security measures in place is more of a priority than ever for school districts across the country.
While there's certainly money to be saved by preventing cyber attacks, Dan noted that biometrics-based security measures can also help to mitigate other IT operating costs. According to Dan, the average cost of an employee calling their IT department for a password reset is $70. Getting a single employee set up with a biometrics-based system costs around $100 on average. Rolling out biometrics security to staff costs less than two password reset calls per year for some organizations.