The Wall Street Journal: Companies Move Beyond Passwords With Human Behavior Algorithms

September 28, 2015 — Companies Move Beyond Passwords With Human Behavior Algorithms

Companies are starting to look at incorporating user behaviors into new security profiles. NuData Security is mentioned in this Wall Street Journal article as one of the startups that has created its own algorithms for authenticating customers.

The greatest threat to every corporate network remains the typical employee, a creature known to use the same password across multiple websites and occasionally click on links found in suspicious emails. But now companies like Google , Wells Fargo and Aetna are starting to look at employee behavior differently—not as a threat, but as the possible key towards building a more secure enterprise.

They are researching or starting to implement behavioral biometrics, a field of study that seeks to identify unique patterns in the way people perform various activities, such as the way a person types or swipes the screen, or even how she walks while she holds her smartphone. The goal is to take those patterns, collected by sensors and other technology, and create a unique digital persona that can be used to identify and continuously verify trusted users in the network. Security experts say that how people behave is very difficult to copy, especially when several metrics are combined.

“We’ve been thinking of behavioral characteristics as a way to augment something as a basic as user ID and password for many years,” said Steve Ellis, head of Wells Fargo’s innovation group.

Startups, including BioCatch, BehavioSec , NuData Security and Zighra, have created their own algorithms for authenticating customers. Zighra, for example, sells a software development kit called KineticID that companies can add to their mobile applications. Typically the technology builds a behavior template from a user’s early interactions with the app. On subsequent logins, a matching algorithm gauges the user’s actions. If they don’t match up with the template, app activity is terminated and a customer may be prompted to supply additional verification such as a one-time security code sent to a mobile device.

To see the full article at The Wall Street Journal, click here.