Facial Recognition Faces Challenges Even Though Passwords Still Present Security Risks

The General Services Administration (GSA), which oversees federal offices and technology, has decided that facial recognition technology will not be used on its secure log-in service, Login.gov.

The GSA's Login.gov already provides sign-in services to 200 websites run by 28 federal agencies and has been used by more than 40 million people. This position differs from that of the Internal Revenue Service and other federal agencies that sought to require Americans to consent to facial recognition to sign on to government websites.

The GSA says the face-scanning technology has too many problems to justify its use as an identity verification service. The director of the GSA's Technology Transformation Services has stated that the GSA "is committed to not deploying facial recognition … or any other emerging technology for use with government benefits and services until a rigorous review has given us confidence that we can do so equitably and without causing harm to vulnerable populations."

The Treasury Department last year awarded a two-year, $86 million contract to a private contractor, ID.me, that would require taxpayers to send in video scans of their face before they can verify their identities and access their tax records online. The plan was scheduled to go into effect this summer. The GSA's site was built and is operated by government employees to accomplish the same tasks as ID.me by relying on more traditional methods of identity verification, such as scanning government records and credit reports.

However, the IRS announced it has abandoned that plan after news of the contract stirred up a controversy because facial recognition systems are unregulated in the United States and have been shown in federal tests to work less accurately for people with darker skin. Members of Congress and privacy advocates also voiced concern that the systems could undermine Americans' privacy rights or unfairly disadvantage people without access to a smartphone, laptop camera, or the Internet. "Huge government agencies clash over imposing facial recognition" www.washingtonpost.com (Feb. 07, 2022).

Commentary

Leadership’s decision to oversee the hardening of a company’s cyber defenses can be informed by the pros and cons of using facial recognition, as illustrated by the contrasting positions taken by the IRS and the GSA.

Federal guidelines published in 2017 by the Commerce Department’s National Institute of Standards and Technology urged agencies to follow identity-verification standards, known as “Identity Assurance Level 2,” that include collecting a person’s facial image, fingerprint, or other “biometric sample,” either in person or remotely, to help stop fraud.

Over 40 percent of IT leaders estimate that they could reduce their risk of breach by almost half simply by eliminating passwords. Nearly every security leader (86 percent) would do away with passwords if they could. Almost three-in-four (72 percent) are actively looking to replace passwords. However, until passwords are replaced by other means of access, such as digital devices, security keys, or Bluetooth, USB, or NFC devices used to authenticate a login, passwords are here to stay.

Cybersecurity experts recommend that organizations integrate a two-factor authentication system or require a password manager. Neither requires employees to recall complex strings of characters, and both better protect data. Moreover, biometric devices go beyond fingerprint readers. They can include retina and iris scanners, handprint patterns, DNA fingerprints or DNA matching, deep tissue illumination, keystroke or typing pattern, ear shape, gait, odor, signature recognition, typing recognition, and vein recognition.
