Making Sense of Password Alternatives: Iris Biometric Devices vs. Wearable Biometric+RFID Authentication Devices
October 18, 2021
By: Emily Patterson – Sales Manager, Distribution at Grantek
Passwords can be problematic. They are difficult to remember, often reused across other systems, and susceptible to misuse by bad actors. Even if intentions are good, passwords can also be shared with co-workers, vendors, and partners. All of this leaves Life Sciences companies and those working in GxP production environments looking for a secure alternative to passwords.
Two alternatives that have become increasingly common are Iris Biometric Devices and Wearable Biometric+RFID Authentication Devices. These alternatives can be used to automate authentication in any industry, however in a GxP production environment both options can provide unique value. GxP production environments have special gowning protocols and the continual need to verify credentials. This means any password alternative must meet unique standards.
Selecting the right password alternative can have long-term ramifications for Life Sciences companies and their operators working in GxP production environments. To make sense of this, let’s take a deeper look at the technology they are built on, the cost to implement, and how they perform.
Wearable Biometric+RFID Authentication Devices work by storing a user’s biometric matching data on the device. Once the user puts on the device, the biometric data is matched, and the solution confirms the correct user is wearing the device. When the operator uses the Wearable Biometric+RFID Authentication Device to validate an action or gain access to an area via an RFID scan, that action is documented as being completed by the confirmed user. Since Wearable RFID Devices store a user’s Biometric matching data on the device, they can be stolen and attacked. Some Wearables use an encrypted RFID code but devices that lack this provide opportunities for easy duplication.
Iris Biometric Devices work by streaming video of the user’s iris and identifying, codifying, and digitizing unique characteristics derived from an analysis.. The system compares the digital data to stored encrypted numerical matching templates in memory on a secure server. Every pair of Irises are unique and have been estimated to only encounter a duplicate 1 in every 2.25 trillion times. Every user is uniquely matched, and their Iris cannot be copied or reproduced in any manner that would be acceptable to the biometric system.
Iris Biometric Devices have no data stored on them and therefore there is no risk to swapping the device for a new one and no risk if one is stolen or “borrowed”.
A single Iris Biometric Device attached to a workstation will use a centralized service to match and automatically authenticate any number of enrolled workers. Wearable Biometric+RFID Authentication Devices must be purchased and provisioned for every individual operator–plus spares (and an associated management process) must be available for forgotten, lost, or broken devices. Each operator gets their own band. For example, a single workstation with 5 users per shift, over 3 shifts, you must purchase and manage 15-18 Wearable Biometric+RFID Authentication Devices, but only 1 Iris Biometric Device. With a low Mean Time Between Failures (MTBF), only a few Iris sensors must be kept on hand to serve as spares for the entire factory.
Wearable Devices are purchased for every user, while only one Iris Biometric Device is needed per shared workstation. Since the devices cost roughly the same amount, an Iris Biometric device-based solution can cost 10 – 15 times less than a Wearable solution.
Also, after initial installation, administrative costs for a standard USB Iris Biometric are minimal. Iris Biometric Devices never leave the factory floor and as a touch-free system, they require only basic periodic cleaning. Wearables require more extensive break/fix/replace management and cost. Time savings and compliance are diminished when bands are unavailable due to end-user mistakes (mis-placed, left in car, left in gowning room/locker/restroom, etc.).
The current technology used in Iris Biometric Devices generates a verified user match and automated authentication within 2 seconds. The next generation of technology that will be used in these devices will authenticate in under 1 second. Some Wearable basic RFID Authentication Devices are just as fast, or faster, but others that are encrypted and more secure can take longer (5-7 seconds) to complete an automated authentication.
The leading Wearable Biometric+RFID Authentication Devices have a significant dependency on Active Directory and require significant integration with and custom configuration of Active Directory. These also have limitations in multiple domain environments which are common in large corporate IT environments. Iris Biometric Authentication and user management can be enabled with and without AD dependencies and work in multi-domain scenarios.
Another performance issue to consider is contamination risk. Wearable Biometric+RFID Authentication Devices can bring contaminants into a clean GxP environment. The wearable devices do not stay within the GxP environment, as they go in and out with users worn on the wrist. This movement can introduce external contaminants if operators do not take time to properly clean Wearable Biometric+RFID Authentication Devices or if they are not part of a proper gowning and cleaning SOP. Since Wearable Biometric+RFID Authentication Devices are mainly in possession of the operator, there are more chances that these employees will not follow the proper care and maintenance of their bands, resulting in increased cost and overhead.
The maintenance, control, and security of the Iris Biometric device is the responsibility of the company because it is on their shop floor and stays there. Iris Biometric Devices never leave the GxP environment and can be used without touching when mounted. Standard cleaning protocols and equipment can be used to maintain Iris Scan Devices. Also, Wearable Devices must be kept charged and recharged whereas Iris Scanners are powered by a USB plug with no charging required.
When looking for a secure password alternative for your GxP production environment, these exciting new technologies offer significant advantages over the status quo. However, the significantly lower upfront and ongoing maintenance costs, ease of use in cleanrooms, ability to spread the benefit across all users, and significant quantifiable time savings benefits offered with Iris Biometrics suggest that this may be the better value-added solution.
Either of these options can provide a password alternative that is secure, is easier for operators to utilize when recording actions than password-based systems, and by verifying and definitively linking the audit trail to a specific user, will significantly enhance data integrity and efficiency in Life Sciences manufacturing operations.
Grantek, and our network of partners including Integral Biometrics, can help you find the password alternative that will work best in your GxP production environment. Contact us at email@example.com to discuss how your productivity can be improved and your reporting capabilities enhanced, while simultaneously increasing the security of your operations.