A common misperception about biometrics is that they would be used alone. That is still just single-factor. By definition, strong authentication must have two out of three factors: 1) What you know (username/password), 2) What you have (token, one-time key), or 3) What you are (biometric).
If you have a biometric plus a PIN/password or a biometric plus a token, that is two factors. If the hackers get your fingerprint, they will not have the other factor.
The point of the article was that the UK is adopting the new FIDO security standard, which has Universal 2 Factor (U2F) and makes it easy for mass consumers to add a second factor to their username/password, resulting in What You Know plus What You Have (FIDO token) or What You Are (biometric).
We (SurePassID) have a FIDO-certified authentication server or cloud service that can quickly enable any website or mobile app to accept FIDO keys. That's the server side. On the user side, a user can get a FIDO key from Amazon or use the FIDO key they may already have. We offer additional choices to enable users to use what they already have (mobile phone with TouchID) plus a Virtual Mobile FIDO Key that can only be released if the fingerprint matches on the phone. In other words, no password would be required because the two factors are biometric (TouchID built into the phone) plus FIDO Key (registered to the user's phone, a one-time process).
There is a new biometric wristband called the Nymi Band, which uses your EKG (electrocardiogram) as your biometric. Once you train it to your body, the biometric never leaves the band, so it is not stored in any database. It is Bluetooth Low Energy (BLE) and Near-Field Communication (NFC) capable to support authentication or payments or device control (think secure IoT access) between any Bluetooth or NFC device. With an embedded FIDO Key, you have two-factor authentication in a single wristband and always-present, always-authenticated access. The user experience for logging into Windows is this: 1) Walk up to your computer within Bluetooth range and it recognizes you. 2) Touch your Nymi band to prove YOU (and only you) are wearing it (biometric first factor) and it will release the FIDO Key as a second factor to the login process and log you in to Windows. No entry of username or password required.
The important takeaway here is that FIDO supports strong authentication for the masses and a "bring your own security" model. This should make banks and government services happy since they don't have to stock, provide and support tokens, which is a help desk cost and hassle. If you lose your FIDO key, you can get a temporary code sent to your mobile phone or use a back-up FIDO key (you can have as many as you like). Then simply order another FIDO key from Amazon and register it to your account.
Reach out to SurePassID if you want more information or want to pilot a FIDO solution for free.
Best regards,
Kevin