A draft Digital Authentication Guideline (SP 800-63-3) released Tuesday by the National Institute of Standards and Technology (NIST) has placed limits on the use of biometrics for authentication.

In the document, NIST states that, “for a variety of reasons, this document supports only limited use of biometrics for authentication.” However, it adds that biometric authentication is considered safe under one condition: “Biometrics SHALL be used with another authentication factor (something you know or something you have),” the guideline's draft reads.

“Testing of the biometric system to be deployed SHALL demonstrate an equal error rate of 1 in 1000 or better with respect to matching performance. The biometric system SHALL operate with a false match rate of 1 in 1000 or better.”

“When the biometric sensor and subsequent processing are not part of an integral unit that resists replacement of the sensor, the sensor SHALL demonstrate that it is a certified or qualified sensor meeting these requirements by authenticating itself to the processing element.”

The NIST DAG draft argues that SMS-based two-factor authentication is an insecure process because the phone may not always be in possession of the phone number, and because in the case of VoIP connections