Is face recognition the new password?

Posted on: February 25, 2014 | By: Christina Bonds | Filed under: Tech Tips, Info Security

When we enter a username and password to get into a system or web application, we are trying to authenticate. Once the correct information is entered, access is allowed. How can the system or application know for sure it has given access to the right person? We all know usernames and passwords can be guessed, stolen or shared.

There are three main categories for authentication – something you know, something you are, and something you have. A username and password are something you know, and using them alone is known as single-factor authentication. When you use an ATM you have to have a card and a PIN. That is something you have (the card) and something you know (the PIN). This is considered two-factor or multi-factor authentication. The ‘something you are’ factor deals with biometrics such as our fingerprints, our eyes, and even our faces. Using biometric information is more secure than a username and password, but do you consider the use of this information an invasion of your privacy?

As we enter the final week of Data Privacy Month, we need to think about our rights to data privacy in the connected world. Will face recognition or another biometric replace the familiar username and password? What rights should we have when it comes to our personal information and data privacy? Here are a few that come to mind.

  • We should have the right to have some say in what personal information businesses collect and how that information is used.
  • We should have the right to not only know privacy policies exist but be able to easily read them before we agree to any terms or agreements.
  • We should have the right to expect businesses to comply with privacy laws and regulations and be made accountable if there is non-compliance.
  • We should have the right to access the personal information businesses collect from us and be able to correct it if we find discrepancies.
  • We should have the right to expect businesses to notify us in a timely manner of any data breaches and of the steps they are taking to fix the breach.
  • We should have the right to read the findings of breach investigations.
  • We should have the right to limit the amount and type of personal information that can be collected from us.

What other rights should you have as a consumer?  Data privacy concerns and issues should not end this month.  Let’s continue the discussions throughout the year.

Christina Bonds

Christina Bonds, CISSP, is an Application Developer at Elon University
