Simple Principles
‘Behavioral biometrics’ is not a phrase that rolls off the tongue – in fact, it could be a real party stopper. In case you don’t know, it’s a proposed new cyber-security feature that’s in development. Apparently it will be possible to educate your PC or device to recognise that you’re the legitimate user. Not by boring old passwords, fingerprints or the distance between your eyes, but by analysing how you type, click, tap or swipe, how much pressure you exert on the keyboard and so on.
This is all very ingenious and may well have some specialised uses. But most security problems would be solved much more by an outbreak of ‘behavioural common sense’ for which no ingenuity is required. Use strong passwords, don’t use insecure wi-fi, keep software and virus protection up to date, don’t open attachments to emails unless certain of their origin, don’t submit financial information except through highly trustworthy channels such as PayPal. Oh, and don’t leave your laptop on the back seat of your car.
There was much hand-wringing over the recent ransom ware attack that badly affected some large organisations, including the NHS. But none of that would have happened if these simple principles had been applied. And none of it would have been prevented by sophisticated user identification. Organisations, particularly those handling sensitive data, need to see this not as a technical problem but as a people problem. The answers lie in training, safe procedures, supervision, auditing and (if necessary) sanctions.












