Advancing Biometrics in a Zero Trust Era

Selfie-derived biometric data, fake passports, and cyberattacks targeting data stores with sensitive information like fingerprints and DNA have long been hot commodities on the dark web. These data help attackers gain access to highly valuable personal information. As attackers continue to enhance their techniques, they are increasingly engaging in sophisticated synthetic ID fraud.

Current measures to protect biometric data are proving inadequate. Gartner highlights that while biometric authentication offers unique benefits over traditional credential-based methods, concerns about new types of attacks and privacy issues hinder wider adoption. Their recent study notes that there is growing worry about AI-enabled deepfake attacks potentially compromising biometric authentication systems.

Last year, at the Zenith Live 2023 event, Zscaler CEO Jay Chaudhry revealed how an attacker created a deepfake of his voice to extort funds from the company’s India operations. VentureBeat has identified more than a dozen deepfake and biometrics-based breach attempts against top cybersecurity firms over the past year. This issue has become so prevalent that the Department of Homeland Security now offers guidance on countering these threats. As all forms of biometric data are high sellers on the dark web, expect 2024 to bring more attacks targeting corporate leaders.

Why are attackers focusing on senior executives first? Nearly one in three CEOs and senior executives have fallen prey to phishing scams, either by clicking phishing links or transferring money. According to Ivanti’s State of Security Preparedness 2023 Report, C-level executives are primary targets because they are four times more likely to fall for phishing attempts compared to other employees. Ivanti identifies “whale phishing” as a new digital epidemic targeting thousands of companies’ top executives.

Srinivas Mukkamala, Chief Product Officer at Ivanti, predicts that in 2024, there will be a greater demand for higher security standards, focusing on privacy, device interaction, and interconnectivity. Organizations will need the right infrastructure to meet the growing expectation of connectivity on various devices.

The mission for improved biometric security focuses on supporting a zero-trust world. Tina P. Srivastava, co-founder of Badge, shared that their aim is to solve complex authentication problems by relying on the human as the trust anchor, rather than on easily lost or stolen hardware devices. After experiencing identity theft herself, Srivastava led her team to develop a user-centric solution using cryptography to make people their own roots of trust. With Badge, your identity doesn’t depend on a device or token; you are your own token.

In response to the escalating need for stronger biometric security, Badge Inc. has launched its patented authentication technology, making traditional methods of storing personally identifiable information (PII) and biometric credentials obsolete. Badge has also formed a partnership with Okta to strengthen Identity and Access Management (IAM) for enterprise customers. Srivastava explained Badge’s unique approach to biometric authentication, which eliminates the need for passwords, device redirects, and knowledge-based authentication (KBA). Badge’s system allows users to enroll once and authenticate across multiple devices within an enterprise, ensuring that the person who registered is the same person authenticating.

What sets Badge’s approach apart is its reinforcement of zero-trust principles while safeguarding PII, including biometric data, from attacks. The platform ensures privacy-preserving authentication across all applications and devices without storing user secrets or PII. Badge’s patented technology enables users to generate private keys using their biometrics and selected factors, without hardware tokens or stored secrets. Badge’s client base spans various industries like banking, healthcare, retail, and services.

Badge’s technology significantly contributes to zero-trust architecture by minimizing data access, thus reducing the impact of potential data breaches, and by supporting least-privilege access. Its strong potential for reinforcing multi-factor authentication (MFA) is evident, as users can authenticate with unique factors, including biometrics, without needing hardware tokens. With substantial enterprise partnerships, Badge continues to add value to zero-trust frameworks. Their collaborations with Okta and Auth0 highlight Badge’s growing relevance within broader IAM platforms.

Srivastava also mentioned that Badge operates on a cryptographically zero-knowledge basis, not entrusting any party with sensitive data, and offers quantum resistance for future-proof security. This places Badge as a robust component of any organization’s zero-trust strategy.
