Multifactor authentication (MFA) without a biometric component is just not cutting it when it comes to keeping information secure, Michael DePasquale, chairman and CEO of BIO-key International (Wall), recently told NJTechWeekly.com.
Many banks, for example, are sending numerical codes to cell phones to allow their customers to gain access to their online bank accounts. “The FBI — who is in our country the preeminent [guarantor of] cybersecurity, cyber threat investigator, and mitigator — is basically saying that what was done is no longer secure because of what they call “man-in-the-middle” attacks, where that code can be interrupted and can be used by someone else to access the account.”
DePasquale was referring to a recent FBI Cyber Task Force four-page Private Industry Notice that recommended the addition of biometric factors and behavioral-information checks to MFA systems, citing known and exploited vulnerabilities of token- and phone-based MFA methods.
BIO-key has been alerting its customers and would-be customers about the importance of including biometrics in personal and business security systems.
“That is something that you have, that’s yours personally, your finger, your eye, your face, whatever,” said DePasquale. “We’ve been telling this story a long time, and I think the FBI just validated our premise, which is that you need something else that is part of your multifactor authentication solution, and that is a biometric.”
The current methods used for MFA (pass codes, tokens, etc.) have been widely introduced over the past 18 months, DePasquale said, and they’re already being exposed by hackers.
BIO-key (and its professional partners, such as Microsoft) is at the forefront of the war against theft, he noted. The company sells both software and hardware, including finger scanners, which are plugged into a USB port. When the finger scanners are used with system software, you can easily replace the pin normally used to access your device.
Scanners can be purchased for home use or in large quantities for businesses. “They are a step in the right direction in utilizing biometrics for access to your devices and the accounts that you access,” said DePasquale.
“We are dedicated to the state [New Jersey]. Our headquarters are here. In fact, we just brought three new people on in the past 90 days.”Michael DePasquale, chairman and CEO of BIO-key International
Founded 26 years ago, and led by DePasquale for the past 16 years, BIO-key believes its business will soon be flourishing. “ We’ve always been kind of an episodal business, up and down,” he said. “But I believe over the next year, you’re going to see very steady growth.” In light of that impending growth, DePasquale gives a “Yay” to future hiring, especially of Garden Staters. “We are dedicated to the state [New Jersey]. Our headquarters are here. In fact, we just brought three new people on in the past 90 days.” BIO-key also has locations in Minnesota and Massachusetts, as well as operations in the Far East.
The company’s biggest challenge is user behavior. “It’s changed. It’s a fact that these — I’ll call them ‘less secure’ — methods have kind of proliferated in the market, especially the phone-based methods. They just dominated because there’s no friction, everybody has a mobile phone, and it’s easy to send a message, and have that message plugged in,” said DePasquale.
“So, the challenge has been really with our technology, especially our finger technology. You require the sensor, so you have to have the device, so that’s been the challenge. But now, at the price point that we make it available, it’s less of a challenge. The price [per individual, $39.00] is probably one month of your cell phone bill.”
BIO-key offers a smooth segue into its biometric protection program, called “Proof of Concept,” he added. “That’s for our enterprise customers. We want them to be able to test-drive our technology and our solutions, risk free, and show them how they can not only increase and enhance security, and set up a better system to prevent cyberattacks, but also show them how, from a cost-effective perspective, this can benefit them.”
DePasquale summed up his and BIO-key’s purpose as follows. “Today, not only do we have the capability to prevent cyber crimes, but we have the ability to make [our program] even more affordable than traditional methods. Those are the two messages we want to get across: that [our technology] is widely used by some very, very large marquee-name customers … and that it’s affordable. It’s affordable for the small, medium or large-sized enterprises.” DePasquale then gave some examples. “We have small banks with 100 people utilizing our technology, and small manufacturing companies using our technologies, all the way up to large telecommunications and government agencies around the world,” he said.
“So, it scales really nicely. We can do it for 2; we can do it for 2,000,000.”