Security is critically important to every business. We recently spoke with Rob Wood, technical vice president at global cyber security expert, NCC Group, to ask his view on ID verification.
Here’s what Rob had to say…
Q. Where are the common issues in ID verification systems currently?
“There are a number of common mistakes that organisations make when it comes to handling sensitive information such as passwords and biometric data.
“One common mistake is failing to properly secure credentials. Storing passwords in plaintext, weakly hashed, or in a way which can be unencrypted, are common examples. This not only makes this information easier for attackers to get hold of but would also now constitute a breach of the General Data Protection Regulation (GDPR).
“The insecure storage of biometric data is also an important factor to consider. Storing this data in a centralised database is a common bad practice. If, or when, these databases are compromised, then this could expose all biometric data. The best counter-measures to this include storing information on a secure device that the user controls such as a phone or smart card, using a device’s inbuilt security methods, and importantly, never storing raw biometric data.”
Q. How can ID verification technology be made more secure?
“Two-factor authentication can be an effective security method. Without it, credential stuffing attacks, which use breached login details to attempt to gain access to user accounts, have a far higher success rate following data breaches.
“It’s also crucial to consider how password resets are handled. Some password reset methods allow attackers to reset them without proper authentication, whilst others send plaintext passwords via email – these, and other insecure methods, can result in an attacker gaining access to a user’s account.”
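To make the points about password resets and credential storage concrete, here is an added sketch (not from the interview, NCC Group or Hello Soda) of a reset flow that emails a one-time token rather than a password and stores the new password only as a salted, slow hash. The class name, the 15-minute lifetime, the PBKDF2 round count and the in-memory dictionaries standing in for a database are all assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed token lifetime for this example
PBKDF2_ROUNDS = 600_000      # assumed work factor for this example


def hash_password(password, salt=None):
    """Salted, slow, one-way hash: the stored value cannot be decrypted."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class ResetService:
    """Hypothetical in-memory stand-in for the account and reset tables."""

    def __init__(self, now=time.time):
        self.passwords = {}  # user_id -> (salt, derived key), never plaintext
        self._pending = {}   # user_id -> (sha256 of token, expiry time)
        self._now = now

    def issue(self, user_id):
        """Create a random one-time token; only its hash is kept server-side."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).digest()
        self._pending[user_id] = (digest, self._now() + TOKEN_TTL_SECONDS)
        return token  # this goes in the emailed link, never a password

    def redeem(self, user_id, token, new_password):
        """Set a new password only for a matching, unexpired, unused token."""
        record = self._pending.get(user_id)
        if record is None:
            return False
        digest, expiry = record
        presented = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(digest, presented):  # constant-time compare
            return False
        del self._pending[user_id]  # single use, and expired tokens are dropped
        if self._now() > expiry:
            return False
        self.passwords[user_id] = hash_password(new_password)
        return True

    def verify(self, user_id, password):
        """Check a login attempt against the stored salt and derived key."""
        record = self.passwords.get(user_id)
        if record is None:
            return False
        return hmac.compare_digest(record[1], hash_password(password, record[0])[1])
```
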
The Hello Soda View
Thanks for those insights, Rob!
We completely agree. In terms of biometrics, our BioMatch facial recognition software encrypts all data, and nothing is stored on devices or the cloud, in order to protect PII. Two-factor authentication can provide added security, but can also be overcome with an unlocked mobile device. Profile ID social authentication verifies identity by analysing hundreds of data points related to a user’s digital footprint to ensure that the device holder is who they claim to be, going beyond standard SMS authentication codes.
If you’d like to know about our Identity Verification solutions you can get in touch and book a free and hassle-free demo here.
About The Experts
NCC Group exists to make the world safer and more secure. As global experts in cyber security and risk mitigation, NCC Group is trusted by over 15,000 clients worldwide to protect their most critical assets from the ever-changing threat landscape.
With the company’s knowledge, experience and global footprint, it is best placed to help businesses identify, assess, mitigate and respond to the evolving cyber risks they face.
To support its mission, NCC Group continually invests in research and innovation, and is passionate about developing the next generation of cyber scientists.
With over 1,800 colleagues in 12 countries, NCC Group has a significant market presence in North America, continental Europe and the UK, and a rapidly growing footprint in Asia Pacific with offices in Australia and Singapore. You can visit their site here.
The views expressed in the above comments do not represent or imply endorsement by NCC Group or its employees.
Look out for our future instalments of ‘Hello Soda talks to’, for quick and highly qualified insights from industry leaders…