Are Biometrics Secure?

Biometrics, such as fingerprints or FaceID, are a good idea on all your devices, but they are not foolproof. InfoGrate recommends using biometrics along with multi-factor authentication (MFA). Relying on biometric authentication alone has a limitation, and this is an evolving situation that we are monitoring.

We are excited about the future security that biometric authentication will bring through vendors like Windows Hello, Okta Verify, and Duo Passwordless. However, it has come to our attention that, due to a limitation in how a fingerprint is sent to the authentication system, biometrics can be bypassed. This limitation can affect all major manufacturers but so far has only been proven to affect Windows Hello. Due to the nature of the problem, Okta and Duo are also likely to have this vulnerability. For a more in-depth review, please refer to this article.

What to know:

  1. Biometrics are still good, but should be implemented along with MFA, not just because of this vulnerability, but also because fingerprints can be lifted from anywhere and used.

  2. It takes a VERY good hacker with hours of physical access to a device to exploit this vulnerability, so it will only affect lost devices, which is why InfoGrate recommends having remote wipe software.

  3. This situation is like locking the car and taking your keys with you, which may or may not prevent car theft. It will take a professional to exploit this vulnerability.

If you have any questions or concerns about your use of biometrics, don't hesitate to reach out to us. Stay safe out there!

