White House official says biometric authentication should replace passwords

Michael Daniel, the White House’s cybersecurity coordinator, recently spoke out against passwords as a security measure, and in favor of more sophisticated identification technology such as biometrics.

According to a Washington Times report, Daniel said fingerprint readers have been emerging and that they will eventually become as common as cell phone cameras. “Hard” card readers and other authentication gadgets could also replace passwords.

“Frankly, I would really love to kill the password dead as a primary security method because it’s terrible,” Daniel stated.

He made these comments Thursday at the event “Building a Cybersecurity Roadmap: Developing America’s Edge” hosted by the Monitor and The Center for National Policy.

As the US President’s top cybersecurity adviser, Daniel’s comments come with great authority, and at a time when criminal hacking attempts have become worryingly commonplace.

US government spy agencies inadvertently also helped drive companies like Apple to rollout of new privacy features like Touch ID to try to protect their customers from government surveillance.

The Obama administration has, so far, not made a major push towards requiring private companies to take specific cybersecurity measures – partly because regulation cannot keep up with the pace of technology. However, Michael Daniel says they are planning on bringing some “small” cybersecurity legislation before Congress by the end of the year.

Article Topics

 |   |   |   |   | 

Comments

30 Replies to “White House official says biometric authentication should replace passwords”

  1. Whether static or behavioral or electromagnetic, biometrics cannot be claimed to be an alternative to passwords UNTIL it stops relying on a password for self-rescue against the false rejection altogether while retaining the near-zero false acceptance in the real outdoor environment. A dog which depends on a man cannot be an alternative to the man.

    Biometrics can theoretically be operated together with passwords in two ways, (1) by AND/conjunction or (2) by OR/disjunction. I would appreciate to hear if someone knows of a biometric product operated by (1). The users of such products must have been notified that, when falsely rejected by the biometric sensor with the devices finally locked, they would have to see the device reset.  It is the same with the biometrics operated without passwords altogether.

    Biometric products like Apple’s Touch ID are generally operated by (2) so that users can unlock the devices by passwords when falsely rejected by the biometric sensors. This means that the overall vulnerability of the product is the sum of the vulnerability of biometrics (x) and that of a password (y). The sum (x + y – xy) is necessarily larger than the vulnerability of a password (y), say, the devices with Touch ID and other biometric sensors are less secure than the devices protected only by a password.

    It is very worrying to see so many ICT people being indifferent to the difference between AND/conjunction and OR/disjunction when talking about “using two factors together”.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Popular

Biometrics Research Group

Biometrics White Papers

Biometrics Events

Explaining Biometrics