Give biometrics a broader role in electronic authentication guidelines: IBIA
The International Biometrics & Identification Association (IBIA) submitted comments to the National Institute of Standards and Technology (NIST) urging NIST to consider expanding biometrics’ role in a future update to its electronic authentication guidance publication.
Last month, NIST issued a call for comments on NIST Special Publication 800-63-2 Electronic Authentication Guideline which was last updated in August 2013.
The comments addressed NIST’s question, “What requirements, processes, standards, or technologies are currently excluded from 800-63-2 that should be considered for future inclusion?”
IBIA said that 800-63-2 and its previous versions outlined a narrow role for biometrics in e-authentication, and it feels that the role of biometrics and server-based matching should increase to address the many changes that have occurred since SP 800-63 was first published.
The many advances in biometric technology now make it possible to design effective systems that include biometrics as a recognized authentication token, said IBIA.
IBIA also points out that PINs and passwords are more likely to be compromised than biometrics.
The organization also states that NIST has included server-based biometric verification in a successful pilot demonstration under the National Strategies for Trusted Identities in Cyberspace (NSTIC) program.
Another argument that IBIA makes is that biometrics are being included today in multi-factor authentication applications that result in similar — if not better — risk profiles than other NIST-approved methods.
And finally, IBIA emphasizes that biometric verification has proven to provide a fast and easy user experience which further encourages its use.
“There has been a surge in the use of biometric technologies for mobile banking and other e-authentication applications,” said Walter Hamilton, IBIA’s vice chairman. “We believe that NIST should support this trend by providing guidance on how to ensure the effective implementation of biometrics as an authentication token rather than narrowly limiting its use.”
Previously reported, the International Biometrics & Identification Association (IBIA) spoke out against the Transportation Security Administration’s (TSA) decision to exclusively use biographic data solutions in order to expand the PreCheck travel screening program, arguing that biometrics should continue to serve as the procedure’s foundation.