How Biometrics Can Be Used for Logical Access Entry – Part 3


In our last blog post of this series, we examined how both Fingerprint Recognition and Iris Recognition can be used as a primary means of logging into your computer.

In this blog post, we now review how Biometrics can be used as means of Two Factor Authentication (2FA) for your business.

The Use of Biometrics in Two Factor Authentication (2FA)

Using Biometrics (such as either Fingerprint Recognition and/or Iris Recognition) is being viewed as the next, complete replacement for the use of passwords – at least when it comes to Logical Access based applications.

… But, it can also be used for the purposes of Two Factor Authentication, in which more than one credential is supplied in order to gain remote access to the corporate server, especially in the case of Remote Login sessions.

Typically, the credentials in these situations must fall into at least two of these categories:

  • Something You Know:
    • Password or a PIN Number;
    • A Digital Certificate.
  • Something You Have:
    • A digital token (such as an RSA Key FOB);
    • A phone number;
    • Smartcard.
  • Something You Are:
    • In these instances, it would be either your Iris Template or Fingerprint Template.

So, for example, when an employee remotely logs into the corporate server from their laptop using a Virtual Private Network (VPN), their first credential for secure access could be a PIN Number or the RSA token.

The second credential to be used could either be the Iris or Fingerprint Recognition device which is either plugged into the computer via a USB connection or is actually embedded into the computer itself.

This is illustrated in the example below:

Also, if the employee wishes to use a secure file transfer program like PuTTY (which also supports Telnet), either Iris Recognition or Fingerprint Recognition can also be used as a second or even first means of remote authentication.

This is illustrated in the diagram below:

For example, the employee can login into their computer first with a Fingerprint or Iris Scan, then from there, they can launch the SSH or PuTTY program, after they have been securely logged in.

The private key with the respective program is also unlocked using the end user’s Biometric.


Although Biometrics can be used as a great Security tool, it is used best as a tool in a multi layered approach.

That way, if a Cyber attacker were to break through one line of defense, the Biometric Modality being used (as the secondary layer) should be able to catch the infiltrator.

In this regard, preparing your business properly to defend against any Cyber-attack is an absolute must. Part of this lies in creating a solid Incident Response Plan, which another one of our blog post series examines.


Facebook Comments


Please enter your comment!
Please enter your name here