A new report from the National Institute of Standards and Technology (NIST) has highlighted the use of biometric authentication on mobile devices to enable quick access to confidential data for first responders, while guaranteeing that only approved users can access the information.
The use of biometrics for mobile device authentication is becoming increasingly popular within public safety organizations (PSOs) as a secure and fast alternative to passwords. Biometric authentication solutions, such as facial, fingerprint and iris recognition, have been incorporated into many smartphones and Apple devices, providing PSOs with improved identity, credential, and access management (ICAM) capabilities. In emergency situations, rapid access to sensitive data is essential, and biometric authentication provides a much faster option than passwords. Despite the advantages of biometric authentication, there are challenges to implementing it for mobile devices, particularly for first responders. These challenges must be addressed in order for PSOs to make the most of biometric authentication.
In a joint effort between the National Cybersecurity Center of Excellence (NCCoE) and the Public Safety Communications Research (PSCR), a report was released exploring the authentication challenges faced by first responders. It provides advice on how authentication solutions utilizing biometric authentication, which typically involves wearable sensors and scanners built into devices, can be implemented. However, there is the potential for verification errors, such as scanners failing to capture fingerprints or granting access for false matches. The report explains that to use biometrics in authentication, there needs to be a reasonable confidence that it will correctly verify authorized persons and not verify unauthorized persons. It also provides insight into the efficacy of biometric authentication solutions and the potential for false matches due to errors in capture, extraction, and enrolment. Furthermore, the guidance document explains how to implement biometric authentication on shared mobile devices and the potential privacy issues that could arise, in addition to ways to mitigate those issues.
The purpose of this report is to give first responders more details on biometric device authentication and the difficulties they may encounter when transitioning away from passwords. NIST would like to hear opinions on the report and encourage feedback to be submitted before July 19, 2021.