The password is dead. Long live the password.

Passwords are becoming ‘the’ security problem that needs to be solved.

Password prompt
Will we ever see the password put to bed?

As security breaches become more commonplace, passwords are getting longer and more complicated. Take a mixture of your pets name, mother’s maiden name & your favourite holiday destination, shake them around a bit with some upper and lower case, numbers and symbols – and you’ve got a more secure password.

It’s a shame you can’t possibly remember it.

Multiply those passwords across multiple sites and log-ins and unless you use the same one on them all, or keep a list of them all on your computer (which is more of a security risk than anything else), you’ll be continually hitting the ‘forgotten your password?’ button.

Everyone’s trying to find an alternative, but like cockroaches – the password is hard to kill off.

So what else is there?

Biometrics

Fingerprint or ear scanners on your smartphone, iris scanners at work, vein scanners at the supermarket – there are a raft of biometric solutions out there promising unique authentication by using something that’s unique to you.

Like most things in authentication, it’s a case of horses for courses. Biometrics have more of a place in the workplace for proving your identity than in the consumer world. Unless you’re purchasing that DVD on your smartphone, for example, they’re useless for logging into your online store.

Also, they aren’t immune to hackers. The iPhone 5S’s fingerprint scanner was successfully fooled two days after its launch, as was the subsequent Samsung Galaxy SF. All the more worrying is the fact that the Galaxy SF’s scanner is being used to authenticate PayPal transactions. Read our previous blog.

2. Implants.

We chip our pets, so why not humans?

PC Advisor has just run a fascinating online poll:

If you could have a chip implanted or carry around an ID card that meant you never had to remember passwords or log-ins again, would you do it?

Out of 4098 votes, 39% said yes, 50% said no and the rest weren’t sure. Now the ‘yes’ vote was way higher than we would have expected.

It sparked off a great debate from the voters. Those against in the main were concerned about:

– privacy (Big Brother knowing your every move and location)

– the opportunities for crime (hacking out the implant and stealing your identity, then leaving you to bleed to death)

– the medical procedure of getting it under your skin in the first place (will it hurt?).

Others just didn’t fancy being bleeped every time they passed through the supermarket checkout.

But some were fully for the idea, seeing the benefits of having one means of identification that you can’t accidentally leave at home. The convenience ruled out any concerns – especially if it’s an implant you can remove.

As one tongue-in-cheek comment rightly pointed out, “kids are already chipped, they never leave home without their smart phone.”

3.  A colour wheel?

Mnemonic password
Would you prefer colour, sound or a story?

One design student at the Royal College of Arts in London thinks she may have an alternative. Renee Verhoeven’s graduation project ‘ID Protocol’ creates a series of password tools that does away with letters and numbers in favour of personal, mnemonic memory codes.

ID Protocol uses the 3 main pillars of mnemonic memory: movement (muscle memory), synesthesia (interpreting code as a texture or sound) and making a story from existing words.

It works something like this: the user selects an ID Protocol pass that plugs into their computer. Passes can use different sensory cues such as colour, pattern making, memory or storytelling: allowing you to use a colour wheel or a story mechanism rather than a set of numbers and letters to log in.

It’s just a concept for now, but as secondary authentication measures become more popular, maybe we’ll be identifying ourselves with a gesture or a story soon. Read more

4. Your heartbeat?

Just one of the latest pieces of kit around that promises a new way to log-in or prove your identity is the Bionym Nymi. It looks like a simple watch, but it’s actually a piece of technology that authenticates your identity by measuring the rhythm of your pulse. Your heartbeat is unique and can’t be faked, so they say. It’s only available for pre-order at the moment; watch this space.

A more realistic answer

The reality is it’s likely to be a combination of these things. Multi layer authentication is set to be the future, where we use two or more factors to prove our identity, depending on the perceived risk. So we may use a biometric method (a fingerprint for example) with a simple password or pin, or scan the information on our smart cards and follow-up with a mnemonic prompt.

We’re already using biometric methods on our smartphones, and their GPS or NFC capabilities add yet another layer.

One-time use passwords and PINS are also likely to feature strongly, as is pre authenticating mobile devices. However this only works if the device has been registered in the first place.

Passwords and PINS will probably never fully go away. But one thing’s for sure – they  won’t be replaced by one definitive solution.

IFSEC 2014 round up

Thermal cameras are coming to your smartphone, the smallest door controller we’ve ever seen, a surveillance robot only 50cm high & The Raptor

IFSEC International is one of the biggest dates in the security industry’s calendar. If you manufacture security products, you’ll have been planning for this one for months.

This year it was held in the ExCeL in London and attracted over 24,000 visitors from around the globe.

Here’s a breakdown of what interested us most when we were there.

E-vigilante surveillance robot

Watch out opportunistic crooks, there’s a robot on your tail. EOS Innovation, an award-winning European start-up, were showing off their E-vigilante robot with high-resolution camera, and rightly so.  The camera pans 360° and can patrol randomly or follow a pre-programmed route – all of which is controlled by a security agent remotely.

A key target is organisations with large warehouses or areas that can’t always be easily physically patrolled, and obviously it can keep people costs down.

The remote agent can choose to set off alarms, flashing lights or talk to the intruder through the robot. So you could say it’s like your front-line in defence, even though it’s just 50cm tall.

z-5r door controller
No bigger than your thumb

Is this the smallest door controller you’ve ever seen?

It was for us. That’s our £1 coin beside it on the photo, so you can see it to scale. Annoyingly, we forgot to take it with us when we left. Stand people: you owe us a quid.

This teeny Z-5R door controller bills itself as the ‘simplest entry controller’ and it certainly won’t be an eyesore in your expensively designed office. Despite its size, it still has the memory for 1364 cards. Put one in your pocket today.

The Raptor
Who’s up for a test drive?

The Raptor

The world’s first road-legal, three-wheeled electric powered vehicle. Where can we take it out for a spin?

The Raptor is being marketed as a ‘major breakthrough for policing and security patrols’. The ‘driver’ stands on an elevated platform that gives them the ability to see over crowds – making it ideal for events or processions.

With its top speed of 25mph it’s never going to be one for catching car thieves. But its ‘custom-made chassis, electronic differential and intuitive handle bars’ made it one of the most popular products at the show for gadget lovers. Whether it’s actually practical in a crowd situation remains to be seen.

Flir One

Always wanted a thermal imaging camera on your iPhone? Well you’ll soon be able to, if you can afford it.

FLIR were giving us a sneak peek of their first thermal imaging device designed for consumers that translates thermal energy into dynamic colour images. Good for outdoor adventures, detecting leaks, security and much more. You just know it’ll be a great hit at parties.

DESfire technology is everywhere

One thing we couldn’t help but notice is how much DESfire technology is now being used in access control readers. Compared with our visit to IFSEC last year, the amount of manufacturers now using DESfire has increased significantly. With this will come a demand for more DESfire cards, which are currently only readily available as blank, non-branded cards.

We will shortly be able to offer pre-printed DESfire cards – with both trade branding and trade prices available. If you’re an installer interested in these, please contact us.

Other things that got us talking

access control lock
Impenetrable? Now there’s a challenge…

Paxton Access showed us their nigh-on impenetrable door lock and eSurv attracted big crowds to look at their drone that can be used for surveillance with their VMS software.

We were able to get a good look at HID Global’s new iClass Seos contactless smart cards that will be the next big thing in securing identities.

We also got a good look at how Samsung are ‘changing the face of IP’ with their open platform technology that allows customers to upload third-party apps to their cameras. You can watch their video on YouTube

Unsurprisingly, innovation is alive and well in the security industry, and NFC technology continues to make its mark. Let’s wait and see what IFSEC in 2015 has to offer.

 

Biometrics in schools: big win or big brother?

“If you don’t know the password you can’t come in.”

It’s a phrase often heard in school playgrounds up and down the country, as children play games with their friends.

But frankly, passwords could soon be irrelevant if biometrics continue to take off in the way that they have.

A piece of research carried out by Big Brother Watch based on data from the 2012-13 academic year, and published earlier this year, revealed that an estimated 40% of schools in England are using biometric systems. It therefore surmised that fingerprints have already been taken from more than one million school pupils; many without their parents consent.

These fingerprints are the necessary ‘password’ to access many of the school’s services, from paying for their lunch to checking out a library book.

The argument ‘for’

biometrics in schools
One upside can be the increase in library books being checked out

Supporters of using biometrics in schools are quick to point out a number of benefits. The most obvious one being security – a fingerprint can’t be copied or lost in the way that an ID card can. Then there’s the speed and convenience: no more queues at a card scanner when arriving at school or rummaging around for coins, holding everyone up, at lunchtime.

Let’s not forget the ‘cool’ factor in all of this as well. Opponents to fingerprinting in schools tend to be the parents, not the kids themselves, who generally welcome the idea, and look forward to the whole ‘sci-fi’ deal that goes with it.

One of the unexpected benefits was found in the library. Some schools reported a big jump in books being borrowed – the kids liked using the fingerprint scanner so they took out more books. Always having the means to check out a book ‘on them’ meant they were more likely to do so.

The solution also helps to ensure equality at meal times. With everyone using their fingerprint to ‘buy’ their lunch, it’s impossible to tell who qualifies for free school meals, which means no-one is singled out.

The argument against

For all its supporters, there are certainly those who are passionately against the use of biometrics. The concerns range from worries over privacy and the ability to ‘steal’ and misappropriate personal data, to the fact that these systems normalise the act of tracking and monitoring pupil’s behaviour.

Some of those responding to the report released by Big Brother Watch talk about the danger of biometric information lying on a database somewhere, at the mercy of hackers or lost by those clumsy enough to leave a laptop on a train. Biometrics providers are quick to point out that records of the actual fingerprint aren’t stored; rather it is encrypted into a series of digits. This is what’s used to confirm ID against the fingerprint presented.

One comment, left by Anonymous, sums up the concerns around privacy in the future:

Future generations will not have any privacy or know what it is like to have privacy if we do not stop the erosion of privacy now… Yes it might be easier for kids to provide a fingerprint to get a library book out now but can they really be sure that it won’t come back to bite them in the future removing any possibilities of choice and privacy that they might want?”

The Freedom of Information Act

One of Big Brother Watch’s major issues is the fact that as many as 31% of the fingerprints were taken without gaining consent from the parents. With the introduction of the Protection of Freedoms Act 2012, which was passed in 2013, this should be a thing of the past.

The legal framework states that colleges and schools must follow these rules for biometric recognition systems:

– For all pupils in schools and colleges under 18, they must obtain the written consent of a parent before they take and process their child’s biometric data.

– They must treat the data with appropriate care and must comply with data protection principles as set out in the Data Protection Act 1998.

– They must provide alternative means for accessing services where a parent or pupil has refused consent.

A moot point for many schools

Let’s not forget that installing a biometric system doesn’t come cheap, so it simply won’t be realistic within some school’s budgets. But for those who can afford it, what will be the real price?

You can read the full Big Brother Watch report here

Does your school use a biometric solution? What kind of feedback have you had from parents and the children themselves? We’d love to know what you think.

Smartphones and biometrics: we’re all ears

The iPhone 5S was the first. Their Touch ID fingerprint scanner on the lock-in screen heralded the beginning of biometrics security as part of smartphone furniture.

But it was easily hacked just two days after the phone went on sale in September last year.

Germany’s famous hacker team, the Chaos Computer Club, were able to create a fake fingerprint from a rubber mould that could then be used with a real finger to unlock the phone.

Another German team, Security Research Labs, have just done the same with the Samsung Galaxy SF, released earlier this month. You can see the video here.

More serious consequences 

Unlike the iPhone, the new Galaxy’s fingerprint scanner does more than just unlock the phone – it can also authenticate payments via PayPal. Which is all the more worrying from a security point of view, as the hacker could be successfully making payments directly into their own bank account.

And there is no limit to how many times you can try to fake it, like there is with the iPhone.

The point being that it gives a would-be-hacker a much greater incentive to create a fake fingerprint in the first place.

But is it really likely?

Is your average Joe really going to lift a high quality fingerprint from clean glass, scan it at high resolution, clean it up and then print it on to latex rubber?

Probably not. As evidenced by the fact that there haven’t been any recorded cases of the method being used beyond the hacker’s tests. Yet, anyway.

So do the ears have it?

Not content with fingerprint or iris biometrics, DesCartes Biometrics has just developed an ear biometric lockscreen app designed exclusively for Android smartphones. The president and CEO of the company, Michael Boczek talks about the convenience of the ‘most natural of phone gestures – lifting your phone to your ear’:

An individual user simply lifts the device to their ear and presses their ear to the touch screen to authenticate and unlock the device. By combining the most natural of all phone gestures – lifting your phone to your ear – with the unique geometry of your ear, Descartes Biometrics has created a robust and reliable mobile device security solution that is easy to use, non-invasive and non-distracting.”

Currently you can get it on Amazon apps and Google Play.

We can definitely see the logic and the benefit of a different biometric approach to fingerprints. Especially as, in the words of Frank Rieger, spokesmen of the Computer Chaos Club, “it is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token“.

But do we really care that much about biometric smartphone methods in general? Is it still just a bit too early for adoption – especially at $3.99 a pop? It’s one thing if it comes as part of the phone, another if you have to fork out hard cash for it.

We’ll be watching the downloads with interest.

 

One password your kids can’t memorise

Samsung are the latest to add a biometrics feature onto their new smartphone.

Galaxy S5 smartphone
New biometrics feature authenticates mobile payments

The Galaxy S5, which is currently available to pre-order, will feature a fingerprint scanner in the same way as the Apple iPhone 5 does, with the main button on the front doubling as a scanner to unlock the device.

The security feature won’t just help to protect the phone from unwanted access if it’s lost or stolen, it can also be used to authenticate payments, as Samsung has partnered with Paypal to offer ‘payment-by-finger’.

That’s one way to stop the kids from buying something they shouldn’t on your Ebay account.

Is biometrics the future in mobile payments?

This new feature is a talking point, but can we expect this type of techology to become commonplace?

Mobile payments as a concept is proving to be slower to catch on here than was predicted. Market analysts have been saying ‘this is the year’ for nearly a decade, but in the US, only 3-7% of consumers currently use their phones to buy goods in a shop.

Mobile banking is popular, but actually making a mobile payment, for example paying your bill in a restaurant via PayPal, is taking a while to get off the ground. But making person-to-person transactions via your mobile phone is growing, and nearly twice as many consumers are using mobile payments now than they did last year.

Is biometrics the stumbling block?

The kids don’t mind

There is still a real reticence amongst consumers about the use of biometrics technology, particularly when it comes to payments. Iris scanners, fingerprint scanners and even the newer palm & vein scanners all generate concerns that primarily revolve around privacy and the potential for misappropriation of data.

Those with a darker side worry about the lengths thieves might go to in order to steal your biometrics password: severed fingers, gouged-out eyeballs etc.

But is it merely a generation thing?

For those who have grown-up with the technology, a fingerprint scanner is commonplace. The fact that it’s now part of the latest smartphones makes it part of the furniture. Much in the way that they’re used to being able to stop and rewind live TV (“you mean there was a time when you couldn’t?”), it will become normal to authenticate payments with their own body.

School rules ok?

Many schools, particularly in the US, are looking into biometrics methods to ensure the safety and security of their students. A biometric solution brings a whole host of advantages in terms of access control. Unlike smart cards that can be passed around, stolen or misused, a fingerprint can’t.

There is naturally caution over the introduction of such a system, but most opposition comes from the school administration and parents – not the kids themselves.

After all, using the fingerprint scanner on your smartphone to pay for lunch, take out library books and get in the building isn’t just convenient, it’s kinda cool.

Get used to it, it’s the future

As the oft-quoted Douglas Adams said, in describing our reactions to technologies:

1. Anything that is in the world when you’re born is normal and ordinary and is just a natural part of the way the world works.

2. Anything that’s invented between when you’re fifteen and thirty-five is new and exciting and revolutionary and you can probably get a career in it.

3. Anything invented after you’re thirty-five is against the natural order of things.

So it’s only a matter of time.

Paxton Net2 new v5 software: perfect for one-off events

At The Card Network, we sell more Paxton Net2 Keyfobs, cards and readers than any other manufacturer – by quite a margin. The Paxton Net2 access control system continues to be one of the most popular in the country, especially amongst schools.

Paxton Net2 cards
Paxton Net2 access control is more flexible than before

And with the launch of their new v5 software, the Paxton Net2 just got smarter and more flexible.

So what’s new?

–   Grant temporary access to workers

This will be good news for users who have shift workers or contractors that need access to the building for specific periods of time.

–   One-off time period feature for special events

Set temporary access permissions to a specific door, for as long (or as short) as you need to. This ‘custom days’ feature also makes it easy to modify access for special events or one-off occasions, such as a parents evening at school or a client entertainment / presentation after work. When the time allocated elapses, the system reverts back to its original privileges set-up. NB: this is only available on the Pro version of the software.

–    New Landlord Tenant feature

This new feature ensures that certain users only have access to relevant areas of the Net2 system, and only control the access levels pertinent to them. For example, department heads will only be able to view the information of their own staff, rather than those in other departments. (Again, this is only available on the Pro version).

Other features of the new Paxton Net2 software include:

–          Triggering actions such as turning on a light when a door is opened

–          Customising how long a door remains open for – catering to the needs of disabled users for example, or for delivery people who need extra time

–          The use of the ‘double tap trigger’ – present a token twice in quick succession to trigger an action

–          The ability to automatically reset the fire alarm.

As you’d expect from Paxton, the software is intuitive: easy to use and get around. Paxton reckons you can confidently have it up and running in two hours.

There is free Paxton Net2 Training available – see here for more information.

Watch the Paxton cartoon on YouTube for a fast & easy to absorb picture on the features.

 

Pay for your milk using your veins?

Forget fingerprint and iris scanners. You could soon be able to pay for the week’s groceries using the veins on your hand.

The Biyo: no wallets, no receipts – all you need is yourself

The next thing in biometrics payment authentication?

US Biometric company Biyo (formerly Pulse Wallet) have created a revolutionary way to make payments for everyday purchases.

Rather than opting for the mere fingerprint to authenticate payments, like so many other biometric specialists, Biyo have gone for the whole hand.

How does it work?

To set it up, you swipe your credit card as you normally would on the Biyo reader in store, then scan your palm and enter your phone number to link it to your account.

The unique vein patterns in your palm create your own secure biometric password for all future transactions. One of the key benefits being, as Biyo points out, that this is a password ‘you never have to remember.’

Then the next time you pop into a shop (one that supports the Biyo technology of course), all you have to do to authenticate your purchase is wave your hand over the reader. Job done. No more shielding your PIN from the person behind you.

You can then track your transactions online or via the Biyo app.

Will it take off?

The problem as far as we can see it, is ensuring enough merchants sign up to the technology to make it accessible. The fact that you can forget your wallet and still pick up tonight’s dinner by scanning your palm is great, but what if the Take Away doesn’t have a Biyo terminal? You’ll have to drive back home to pick up your cards. Which goes against the benefit of ‘convenience’ somewhat.

It’s only available in the US at the moment, but if it’s successful, you can probably expect it to roll out to other countries.

What’s wrong with a finger – why do we need the whole hand?

Biyo points out that their palm vein pattern recognition uses near infrared light to capture your own individual vein pattern which is more than 99% accurate. The sensor is contactless, so you won’t be leaving traces of your pattern like you can do with fingerprints. Also, the technology isn’t affected by any blemishes or cuts on your hand as it’s looking underneath the skin.

We know what you’re thinking. What if someone chops off your hand and whips it out at the till?

Ignoring the inherent problems of getting a severed hand past the shop assistant, Biyo are quick to put you at ease on this one – it wouldn’t work due to the lack of blood flow.

So that’s a relief.

Find out more at http://biyowallet.com/

Beware clones: are your Mifare cards genuine?

Mifare cards are one of the most widely used and best-selling smart cards on the market, most commonly used as contactless cards, e-tickets and readers worldwide. Most transport providers use Mifare cards, as do schools, sports organisations and many other businesses.

Genuine Mifare cards use NXP chips from NXP Semiconductors, a trademarked product that guarantees quality, security and reliability.

Printed mifare cards
Cloned Mifare cards can compromise your security and are illegal

Could your Mifare cards be clones?

Until quite recently, the market has been awash with unauthorised cloned cards from China. These cloned alternatives are much cheaper, but use unstable technology that fails to deliver the performance and security of authentic Mifare cards. They are also illegal and NXP will act against anyone infringing on their trademarks.

What are the problems with cloned cards?

Non-genuine products can cause considerable problems in a contactless system. They are less stable, have a shorter read range and can cause interruptions or disturbances in the service they provide. In short, failure rates are high. Your security may be seriously compromised – a serious message for organisations out there who depend on secure access control, such as schools, hospitals or government buildings.

What can you do to check if your cards are genuine?

If you’re concerned that your Mifare cards may be clones, send one to us for testing, with no obligation.

If you’re dealing with significant numbers of Mifare cards, AdvanIDe has just launched the Mifare Classic clone checker kit, which detects whether the chip contained within your cards is authentic. The kit includes a NXP Semiconductor reader, as well as additional test cards and software. You can find more information on this here

What are NXP doing about the problem?

REACT, the anti-counterfeiting network and NXP recently signed an agreement to stop unauthorised copies of NXP’s Mifare products. Within their first month, they have successfully removed over 4000 auctions that were attempting to sell the clones. NXP will not tolerate any infringement on its rights and will take all necessary action against those who sell or use their trademarks.

At the Card Network we only sell Mifare cards with genuine NXP chips.

No entry – sorry, your face doesn’t fit

If you read in the news about someone not being allowed entry to a club because they were wearing trainers or the ‘wrong type of jeans’, you wouldn’t be surprised.

But to be denied entry because your face isn’t right? Surely not.

Well actually, yes.

3D facial recognition technology for an exclusive membership club

3D facial recognition reader
“You may enter, 007”

MorphoTrak, an established provider of biometric readers for access control, has just introduced its 3D facial recognition technology to The Marque, an exclusive membership club in Houston, Texas.

The technology means that you won’t be allowed in unless your face fits – quite literally. A quick glance at the reader and members are instantly recognised, and the access control door unlocks to allow entry.

The Morpho 3D Face Reader™ is described as being ‘lightning-speed’, highly secure and convenient. The General Manager of The Marque comments that it’s “all very James Bond – which is why we love it.”

We can definitely see one advantage to this latest trend in access control: you won’t have to put your glass of champagne down to open the door.

Printed Mifare cards now available

 

Genuine mifare cards printed
Choose from a range of options and security features on your printed Mifare cards

The Card Network now provides double-sided print on Mifare Classic 1K and 4k chip cards.

This new printing service offers businesses, schools and organisations the flexibility to brand their printed Mifare cards, and choose from a range of features including numbering, variable text, signature panels, barcodes, as well as encoded & unencoded magnetic stripes.

Why use printed Mifare cards?

Mifare cards use NXP-Semiconductors trademarked chips, which are widely used in contactless smart cards and proximity cards. Thanks to their reliability and low cost, the cards are used by all kinds of organisations for different applications.

Printed Mifare cards are commonly used for access control, ticketing, transportation and as a smart ‘wallet’

Schools and colleges commonly choose printed Mifare cards because they’re capable of many functions. As well as being used for access control (for entry to the library for example) they can also be used for cashless vending (where a student ‘swipes’ for their lunch), to check out library books, or to access the computer system.

Printed Mifare cards are also well suited to environments where a low level of security is required. Sports clubs often use them as a means of allowing members to enter the locker rooms, and because they can also allow them to access their account at the bar.

The cards also act as perfect tickets – use them as season membership cards for example, and swipe them to get through the turnstile at a football match. They’re also widely used by transport providers as electronic tickets.

Genuine chips, high quality print

All the cards we supply contain genuine NXP Mifare chips: we don’t sell compatibles from the Far East. Our modern print set up doesn’t use surface print, so both the card and chip remain safe under the laminate overlay.

The chips in the card are supplied unencoded. If you have any special requirements for your printed Mifare cards, or you’re not sure which type to order, please get in touch and we’ll be happy to discuss your project. All our prices include design and artwork.

250 full colour, double-sided 1K printed Mifare cards start from £399.00.