Hitachi recently announced their upcoming launch of finger vein biometrics that essentially scans finger vein patterns to authenticate users. Hitachi says the technology will work with any 720p camera (or better) on laptops and mobile devices. The user simply waves their hand in front of the camera when prompted to authenticate to the computer. Hitachi released this cool overview video here:
Now, I get as excited about a new biometric technology as much as the next fraud prevention geek. But, any announcement of a new authentication technique does raise some questions.
How well does the approach really work in practice? Will we replace other biometric authentication methods with this new finger vein biometric? Is this finally the technology we have been waiting for to replace passwords? And, what do we do now?
After all the excitement generated by previously introduced biometric authentication technologies, including voice, fingerprint, face, iris, retina, palm and probably others, there are (at least) a couple of important things we need to consider.
First, we will continue to have new biometric authentication techniques emerge. Remember, FaceID is still less than two years old, introduced with the Apple iPhone X in November 2017. We have to be better prepared for the introduction of new biometric authenticators (or any new authenticator for that matter) into our organizations. Every time a new authenticator is introduced into the organization, countless hours of planning and implementation time are required. Many organizations simply remain on the sidelines, holding off on implementing new technologies due to the overwhelming effort involved. They are hesitant to expend the effort required to implement a new technology knowing that a “better” technology is likely to come along. They are always anticipating “the next big thing.”
Second, regardless of the new biometric authentication technology being introduced, we have yet to truly integrate authentication technologies with our fraud prevention infrastructure. One of the main issues is that many still consider biometric authentication to be pass-fail, yes-no. However, biometric technologies are probabilistic, not deterministic. A biometric authenticator is essentially a little risk engine, performing calculations on many biometric attributes to determine the probability the current measurement matches the saved measurement. It’s never 100% certain. But, we should be capturing far more than the “yes-no” result to better fuel our risk analysis, ultimately providing better security and a better end user experience.
Our world is constantly changing. The pace of new technology development is only getting faster. We have to accept that we will need to continuously adapt and continuously implement new technologies that will inevitably become obsolete far earlier than we would like.
What if our identity platforms were more plug and play? If authenticators could be swapped in and out with minimal effort? And what if we were able to easily coordinate all elements of identity management – authentication, risk and authorization – to rationalize our identity offerings? What if we made every authentication decision fully context aware?
Well, there’s a new breed of identity orchestration platform that is providing answers to these questions at leading institutions.