QUICK LOOK
The Project: multi-factor authentication for online services.
The Vendor: Biopassword.
The ideal identification solution isn't a token, a smart card, or a fingerprint, according to a $62-million credit union here.
Instead, foolproof authentication is ensured by typing.
Automotive Federal Credit Union employees log-in to their workstations simply by entering their user names and passwords on their keyboards.
But at the same time, biometric software checks each employee's unique typing rhythm before permitting access.
"We're restricting access to our members' data as much as possible without cumbersome or costly hardware," said John Hoblack, general manager at the CU. "It's a good thing."
The biometric software remembers each employee's typing dynamics, such as how hard keys are hit or the 'flight times' between keys. The profile is refined and strengthened with each tap of the keyboard.
Automotive FCU has used keystroke biometrics provided by Seattle-based BioPassword, Inc. for one year. And because BioPassword is software-based, "it's cost-effective and easy to implement," said Hoblack.
"We don't have to put physical devices on every workstation," he said. "We installed the software at the network level, not at the PC level, which was a relatively painless process that took a short amount of time."
The keystroke dynamics solution could offer 100% authentication for members, as well. Credit unions can use the biometric solution in tandem with passwords to verify online-member identity, meeting this year's FFIEC multifactor authentication deadlines for protecting data online, according to BioPassword.
Automotive FCU can adjust the level of security and convenience of the biometric template on a scale of 1 to 100 for each user, with 100 being the most secure, Hoblack continued.
"Mine is set at 28," he explained. "I was able to set it to where no one else could log into my PC, but it wasn't too complicated for me to log in."
Hoblack stressed that BioPassword is just one layer in the many folds of network security at Automotive FCU. "We use a multilevel approach. For our core system, there's another password."
San Antonio City Employees FCU in Texas also uses the keystroke solution, but to authenticate remote users, according to BioPassword. Biometric authentication is reputed to be 100% accurate-as long as the technology is able to read the user's characteristics.
Indeed, credit unions using fingerprint readers to verify member and employee identification have told The Credit Union Journal that failure-to-read rates range from less than 1% to up to 40%.
Automotive FCU could not verify the failure-to-read rates for the keystroke solution. However, BioPassword research shows a 4% error rate, which incorporates both the false-accept and false-reject rates, according to Greg Wood, the firm's chief technology officer.
Often, the strength of biometric authentication allows users to do away with passwords, thus relieving password management hassles for the credit union. BioPassword, however, integrates password-based security with the biometric technology.
That's not a problem for Automotive FCU, which rarely has to reset passwords, said Hoblack.
CUJ Resources
For info on this story:
* Automotive CU at www.autofed.org
* Biopassword at www.biopassword.com
