Palm vein authentication beats passwords

Net 1/2016,  2016-12-27

We are living in the golden age of passwords – but not for that much longer. In fact, the end of password supremacy is already in sight, especially in large companies and organizations. Due to the inconveniences and costs related to password management and resetting lost passwords, the interest towards finding smarter ways to handle identification and identity management is increasing.

Sharing information to the right people at the right time requires a reliable and smooth identification and identity management. In many organizations, however, identity management is scattered all over the company.

"Organizations have dozens of systems in use. Each of them has their own, separate user management, the level of which varies depending on the admin resources," says Petteri Arola, Head of Enterprise & Cyber Security, Nordics at Fujitsu Finland.

Petteri Arola

Petteri Arola is entering a meeting room using palm vein authentication. Integrated into the PalmSecure ID Access device, the PalmSecure sensor identifies individuals via contactless scanning of the palm.

Taking the wrong shortcuts in data sharing leads to problems

Companies or organizations encounter more and more problems with identity management and password protected authentication, when they use dozens or even hundreds of systems to share information among employees working in different roles.

If identity management related to these systems has been split in silos around the organization, it may very well be that no-one has a comprehensive overall view or a full understanding of the different levels of identity management. It is realistic to assume that the most hard-pressed identity management admins have resorted to shortcuts and have granted access rights in a very straightforward manner. In that case, the data security of the company may practically rely on the goodwill of users.

"The truth is that there are quite a few executives out there who are not familiar with the level of data security in their company. In larger organizations, in particular, the all too liberal attitude towards identity management is often the root of the problems. Employees and external partners may have access to information that they should no longer be authorized to have," Arola says.  

Organizations are tempted to find the most efficient way of sharing data. Sometimes this leads to taking shortcuts in the wrong way.

"In the worst case scenario, there is a big group of people who all use one and the same admin credentials. In such cases, there is no way to trace the use of specific data to any particular user. But if companies want absolute identification with full traceability, then biometric authentication is completely unbeatable in terms of usability and reliability when compared to password-protected systems," Arola continues.

IDaaS identity management as a service

If data gets into the wrong hands, it will cause major problems sooner or later. EU's new regulation concerning data protection puts even more pressure on company management, as it imposes stricter requirements on the handling of personally identifiable information. To authorities this gives another possibility of fining organizations for violating the regulations.

Fujitsu's IDaaS identity management service will ease this pain. All the identities of a company are centrally collected to the organization's own directory. Fujitsu's service is integrated into this directory and into other systems as needed. Furthermore, it is possible to also include access control, work-time tracking and practically all the physical spaces that can be locked in the service.

Single-sign-on allows users to access all the needed services, and their access rights are managed through one centralized system.  

"For example, the actual verification of an identity can be done using biometrics, of which palm vein authentication is currently considered as the most reliable method, or some other form of identification. When you get to test palm vein authentication in practice, you won't be missing passwords anymore."

For inquiries, please contact: Petteri Arola, tel. +358 44 7126 969

Read more about Fujitsu's data security solutions

More Information

Published in the Net Magazine 1/2016,  2016-12-27

Facebook  Twitter  Google  LinkedIn