Apple announced last week that iPhone X, scheduled to be shipped in November, will contain facial recognition security. Samsung Galaxy 8 has the technology already residing in its new OS Oreo.
While most tech people are in a flurry regarding whether facial recognition is an invasion of privacy or the newest leap forward, a larger looming question resides in the background. Should biometrics be the new requirement for information security?
Equifax breach
Along with Apple’s announcements last week, the public learned of a data breach of Equifax in July 2017. As most know, Equifax is one of the three gods of credit. Namely, they contain all information and inform those who hold credit if those who are seeking credit are worthy.
Equifax's data files contain entire lives and histories.
Unfortunately for the 143 million people affected, the breach is a result of Equifax not scheduling a patch for their system framework. A patch that was released in March 2017.
While frustrating and panic causing to say the least, the breach is done and the resulting questions of how can people be protected are making their rounds. Of course, credit monitoring and two-factor authentications are primary ways to catch someone using data incorrectly.
But is that all there is?
Options already available
As mentioned above, two factor authentications already exist and are part of any fraud alert system. A consumer can inform a bank, company, or agency they would like a fraud alert on their information. This would implement a second level of authentication, either by phone or other means the consumer designates, before opening new accounts in the consumer’s name.
Unfortunately, although this system is already in place, the burden is on the consumer. Namely, they must request a fraud alert. Fraud alerts are active for 90 days only, and individuals have to request a new one unless a police report is provided.
Secondly, companies do not have to follow a two-step authorization, despite offering it.
Biometrics as security
This is where biometrics come into play. Two already developed security options are facial recognition and fingerprint ID, which can prove identity beyond a doubt.
Yet this requires accepting loss of some privacy. For facial recognition and fingerprint ID to work on a large scale, a centralized database containing everyone’s face and fingerprints is required. While fingerprint ID already exists to unlock mobile devices, the information resides in the phone only. Similarly, devices contain the facial recognition information.
While China already has this in place for most of their public, non-Authoritarian governments will likely receive backlash and a bit of fear regarding providing such personal information. The America public is likely to cringe from providing their facial and fingerprint identifications into a public database.
The public is not easy swayed to give up their sense of autonomy, as evidenced by outrage regarding Alexa's server of recordings.
What can individuals do now?
As tech, government, and public go rounds regarding the best option for ensuring credit security beyond the basic 9 digit SSN, the public is left wondering what to do right now.
The most important piece to digital security is ensuring no one can access your data but you. Really that comes down to three items:
- Accurate and up to date anti-virus software, including network access. It’s particularly important to not forget security on mobile devices. They connect to the internet frequently and are at risk from similar attacks.
- Update your computer and mobile device frequently. As hackers (both white and dark) are pushing at software, companies are creating patches to correct the issues. You are putting your devices and information at risk by not updating promptly.
- Passphrases that are different between every application. We know it’s a pain to remember tens of different passwords, and so do hackers. In fact, most people use variations of the same password regardless the application. There are password safes and apps that can give a location for all passwords. Also, newest information on passwords states phrases are harder to break and easier to remember.
- Ensuring all banks and credit holders have in place a two-factor authorization method.
What can businesses do?
Previously businesses and companies were not at risk for data breaches, other than reputation and potential stakeholder abandonment.
However, agencies are beginning to hold companies liable for data breaches. The Federal Trade Commission (FTC) is investigating Equifax, though the FTC normally does not get involved.
Some of the costliest unplanned expenses for a business to endure are data breaches. Simple precautions are necessary to protect your revenue and your clients.
- Stay up to date on all patches. Having knowledge of your system's framework is essential for ensuring timely patch application.
- Training and certification for all IT personnel. There are industry standards for education in security. Ensuring all staff members responsible for your network are up to date will optimize proactive responses.
- Enable an IT partner to assist with security. Running a business means not being able to focus on security full time. A partner who specializes in security will enable you to focus on running the business.
Moving away from reactionary learned helplessness
Unfortunately, it feels like our information is constantly under attack by hackers and data breaches. Equifax is just the latest, albeit the largest, in a string of information breaches over the last few years.
While some things are unavoidable, there are steps everyone can take to ensure information is secure. Ultimately there will need to be entire system changes to ensure data security. Society will have to decide regarding the next steps of security, whether biometrics or blockchain transactions. Ultimately by coming to terms with loss of data versus loss of privacy.
Samsung and Apple have already decided which direction their devices are going.