FBI Cyber Task Force advises businesses to use biometrics
14 October 2019 15:47 GMT

BIO-key has noted that  several media reports announced that the FBI Cyber Task Force recently issued a four-page Private Industry Notice that recommends the addition of biometric factors and behavioral information checks to multi-factor authentication (MFA) approaches, citing known and exploited vulnerabilities of token and phone-based multi-factor authentication methods.

The FBI’s notice, issued as part of National Cybersecurity Awareness Month, provides important validation for the use of biometric hardware and software authentication solutions such as those developed by BIO-key. The FBI’s report has received broad media attention including Forbes, ZDNet and BankInfoSecurity.com.

BIO-key’s authentication solutions are unique in the market in that they allow interoperability among over 30 different fingerprint scanners from a variety of manufacturers and are available as a turnkey Windows Active Directory authentication solution for enterprises, as well as an authentication platform module ready to serve our federated IAM partners’ customers.

The FBI reported that a large variety of schemes and attacks are being used by cyber actors to defeat multi-factor authentication, including social engineering, SIM swapping and account-takeover malware such as Muraena and NecroBrowser.

The FBI recommendation comes after its review of victim reports to the Internet Crime Complaint Center and actual criminal attacks against mainstream multi-factor authentication methods. The notice marks the first time since 2015 that the FBI has expanded upon its initial recommendation to use multi-factor authentication.

“The FBI’s report and recommendation is so powerful because it comes from their unique vantage point from the front lines, fighting cybercrime and investigating real breaches, not from an ivory tower or hardware token industry standards group,” said Jim Sullivan, BIOkey’s SVP of Strategy and Compliance. “The FBI has one goal, which is the prevention of cybercrime, and that makes them a very credible source,” Sullivan added.

“Biometrics should not be an afterthought in a comprehensive Identity Access Management (IAM) strategy,” said Mike DePasquale, BIO-key CEO. “It should be a core design factor in an IAM platform, for end-user authentication, provisioning and governance. BIO-key offers our customers a comprehensive set of biometric authentication options, both on-device and onserver, to meet the real needs of business users,” continued DePasquale.