As Confidence in IoT Security Wanes, Can Biometrics Help?
Posted by Alexey Khitrov
With any security system involving a human component, there’s a careful balance between requisite security measures and the user experience. The reason most of us have one or two locks on our front door – instead of twenty – isn’t because we don’t want more security, it’s that the experience would be far too much of a daily hassle.
When it comes to IoT security, the balance is askew in the other direction: the marketplace is glutted with lower end IoT devices that privilege a simplified user experiences over robust security. While this strategy allows consumers relative ease and a frictionless process in activating smart home and other internet-connected products, this devaluing of security leaves a virtual unlocked front door for malicious hackers who have little difficulty in accessing these devices. A largely unsecure IoT industry is proving time and time again to have significant and harmful repercussions, in the form of the mayhem that hackers can inflict on vulnerable users, and for the internet at-large as devices are corrupted for use in devastating IoT botnet-based DDoS attacksthat continue to make headlines.
The need for security is, of course, a major issue that the IoT industry must overcome. Even as Gartner foresees the IoT rapidly expanding to 20.4 billion devices by 2020, a recent market survey finds that 90% of consumers do not have confidence in the security of IoT devices. In the same way, IoT security – and customer confidence in it – is just as important to the enterprise, as commercial IoT applications may provide personalized services that utilize sensitive data, involve monetary transactions, or offer other features requiring authentication that is unquestionably safe and frictionless for customers. Altogether, this makes IoT security a key concern that absolutely must be resolved for the IoT industry to have longer term staying power and to reach its full potential.
Passwords are (rightfully) going extinct
Passwords continue to be the default option for account security across all industries. While common, they’re also an overly complex user authentication method that are becoming less effective in securing access, while also becoming more frustrating and challenging from a UX perspective.
Forgetting your password requires ones to waste time with reset emails and security questions – if we can remember them - a cumbersome process equivalent to fumbling with twenty door looks. And beyond delivering a subpar UX, most IoT devices are manufactured without a traditional security interface (no screen, no keypad), leaving passwords a poor candidate for IoT security and leading enterprises across industries seek alternative and more secure ways for authenticating users.
Biometrics are the answer to the IoT’s present – and long term – security needs
Biometric security measures are growing in popularity and in widespread use. Smart phone users are deploying fingerprint identification or facial recognition to unlock screens. Alexa, Siri, and other voice-activated tools have made talking to your technology commonplace, increasing demand for voice-based authentication as a common security solution.
The biometric approach to security is particularly well-suited to the IoT, though, and offers a compelling synergy with the desires of today’s businesses to establish more personalized interactions and relationships with customers. As demonstrated by the rise of chatbots, brands are evolving to include personalities that go beyond mascots and logos. Businesses want the customer’s brand experience to feel familiar – acquaintances and friends don’t require identification when they see you. Biometric authentication enables a more natural and passive experience, whether that’s opening the smart home lock on your front door, activating IoT devices inside, or interacting with brands and their products by other means.
In addition to the stylistic advantages, several technical advances have enhanced the current viability of biometric security for the IoT. The memory footprint of biometric security algorithms are getting smaller while also getting more efficient. Algorithms as small as 2MB now have the capability to fully secure IoT devices. And these algorithms are also becoming smarter and can thwart spy movie-esque attempts at trickery; for example, biometrics can now distinguish between your voice and a recording of it. Backed by AI and machine learning that studies individual user behavior, biometrics can also now authenticate users by their gait, how they type, how they apply pressure to a touchscreen, and plenty more of the things that make you, you.
Secure authentication is the only way to commercialize IoT in the enterprise. When this happens, there will be proper verification of monetary transactions and sensitive personal data can be shared. The challenge for the industry is to provide a secure, frictionless (passive) authentication that fully takes advantage of the IoT without compromising the UX.
With the death of passwords accelerating and the stakes of security for IoT industry health so high, the arrival and incorporation of highly capable biometric security measures within IoT devices is certainly a welcome one.