BIO-key CEO says FBI guidance sets up a wave of enterprise biometric MFA adoption
The Federal Bureau of Investigations’ recently announced guidance for U.S. businesses that multi-factor authentication (MFA) requires physical or behavioral biometrics to supply one of the factors in order to be secure from circumvention is seminal for the biometrics industry, according to BIO-key CEO Mike DePasquale.
The reason for the timing of the Private Industry Notification, DePasquale told Biometric Update in an interview, is that with a high volume of attacks, evidence has now accumulated from FBI investigations through the Internet Crime Complaint Center. It shows that passwords, tokens, cards, and keys of various kinds can all be circumvented.
“When high-profile enterprises are attacked it’s news and media-worthy so it gets out there. But how about the hundreds of thousands of small and medium-sized businesses that also house customer information and consumer data, that may be housing for example government contracts, secrets, or special data that’s not for public release?” DePasquale asks. “What about those companies?”
Multi-factor authentication has become dominant in the marketplace, he says, and pretty much standard for enterprise security. The factors generally include a phone-based SMS or token, which DePasquale says is a risk.
“Phones are probably the most hackable authentication mode today because of SIM swapping and man in the middle attacks,” he states.
Fear is not an effective marketing tool, however, according to DePasquale. Instead, account security should be considered as an investment, with a much lower cost than dealing with any sort of data protection incident. Biometric security solutions can also be had on a subscription basis, eliminating major upfront investment costs, and as hosted services, so they do not require extra infrastructure.
That means that not only does the argument in favor of deploying biometrics to secure enterprise accounts now have a more authoritative voice than it had before, the technology is also significantly more accessible, and customers are becoming more comfortable with the concept of investing in compliance and breach prevention, DePasquale points out.
“It’s a lot easier today even than it was two years ago to deploy these solutions and to do it with a value prop, not based on fear, but showing the value, the benefit, and then what ultimately I believe is the cost savings of utilizing this technology.”
He expects many companies to heed the FBI’s advice and implement biometrics over the next 12 to 24 months. Many of them will do so by taking bolt-on biometric services which BIO-key and other companies have in their portfolios, and integrating them with existing systems.
Implementing biometrics could even end up contributing to cost savings on cybersecurity insurance riders, according to DePasquale. The potential for cascading market change in the near term is substantial.