Probably everyone has encountered some form of multi-factor authentication, if nowhere else, then in the security settings of their Google, Outlook, or Facebook account. While a strong password provides some level of protection against data theft and Internet attacks, even the best password does not provide one hundred percent protection.
That’s why multi-factor authentication is essential for any serious service, he said at the 4iG Technology Forum conference. This means that in addition to the username and password pair, a second or even third method proves to the system at the same time that the person trying to log in and use it really is who they claim to be, not an unauthorized person.
This is not only about someone sitting down in front of a computer and logging in: multi-factor authentication can also be used for physical access, such as at work, and can also help keep track of working hours.
Multi-factor authentication can be performed in practice in several ways, the most common and well-known form perhaps being one-time-password identification by phone. It is also used, for example, by financial institutions and a significant part of Internet services, as it is extremely fast and easy. After attempting to log in, the user receives a push or in-app notification, SMS, or phone call on their mobile phone for one-time authentication. However, from a security point of view it is not the most reliable method: a code sent by SMS can in theory be obtained by attackers, who can thus circumvent the authentication process.
The second method is somewhat safer, but also more expensive. This is multi-factor authentication based on hardware tokens. In this case, the keychain- or flash-drive-sized physical device (the mobile token) either has a small built-in display from which the user can read the verification code, or the hardware passes the key to the computer by communicating with it directly, taking the human factor out as a potential source of risk.
If costs need to be kept down or a one-time password solution is not possible, biometric identification could be a potential solution for multi-factor authentication. This can mean fingerprint scanning, retina-based identification, voice recognition or even palm vein scanning. Because each person has unique characteristics, biometric identification can be the most accurate line of defense and the hardest for attackers to break through. But what is the best way for a company to introduce biometric identification?
According to Gábor Gábriel, IT security expert at 4iG, the BioSec vein scanner currently leads the list, with the lowest error rate and the fastest and most accurate identification. At the 4iG Technology Forum conference, Gábriel said that the Hungarian-developed vein scanner, which is also used in the Fradi Groupama Arena for additional identification alongside the fan card, is more advantageous than its competitors in several respects (even if the ultras haven’t seen it).
Why is it better?
It reads far more points per person than other biometric identification methods: other technologies work with 10, 50, 250 or 10,000 points, compared to the 5 million examined by the vein scanner. From a GDPR point of view, examining the veins of the palm is less of a concern because the scanned sample is not stored by the sensor. In addition, the scanner can be used without direct contact: it is enough to hold your hand over the hardware, and the sensor identifies each person's unique vein structure using infrared light. Its only requirement is live blood flow, so for the time being, identification with a severed hand can only exist in the morbid reality of films.
The vein scanner sensor can be used in places where large crowds are moving, but can also be useful for home or office work, or in customer reception areas. For example, the device, which works in both Windows and Linux environments, can be used to check access and access levels in the case of office work, and in the case of client management it can also be used to supplement identity documents, as it would make it easier to filter out people with false documents. In a financial environment, it could reduce the misuse of credit cards, and in healthcare, it could rule out fictitious treatments, surgeries, or false prescriptions. The solutions also offered by BioSec are already in use in some parts of North America, Scandinavia and South-East Asia, and there are places where you can also pay by having your veins read.
Setting up a scanner access point costs roughly 70,000 forints, which is what the vein scanners in the Fradi stadium cost. Added to this is the price of the IT system running in the background, which is determined by its complexity. If you only need a vein scan for computer identification and payment, a mouse suitable for vein scanning or a purpose-built device with a USB connection, which also works offline, is enough.
(Cover image: Zoltán Máthé / MTI / MTVA)