The nature of our working lives has changed dramatically in recent years. Long gone are the days of limiting ourselves to office spaces and desktop computers. With technology advancing and the pandemic pushing businesses to find new solutions for making remote work seamless, the ability to facilitate access around the globe has become paramount. With employees now able to work literally everywhere, the onus is on businesses to be able to grant secure information access anywhere.

But this presents a problem. How do companies allow employees on completely different networks in completely different locations have convenient access? The challenge of securely identifying a person becomes much greater when work can be done anywhere around the world.

Travel Outside the Fence

The summer of 2022 saw four straight months of travel exceeding pre-pandemic levels, and with everyone moving around so much, the need for flexible authentication is clear. While many organizations have implemented multi-factor authentication (MFA) strategies that rely on second authentication layers like one-time passwords (OTPs) sent to a user’s phone, they also assume that the user can receive those texts all the time. When traveling, for example, many employees might take the time on a long flight to get a little work done; however, they can’t receive an OTP in the air.

Hardware tokens are another option; however, employees can’t really be expected to have hardware tokens on them 24/7 for fear of them being misplaced or stolen. Travel creates a diverse set of use cases that show the need for flexible, secure methods for verifying the identity of someone on the other side of the screen.

Like using a credit card, many businesses have methods for identifying unusual behavior in their network. To reduce the risk of an attack, tools like geofencing are used as one method for gauging whether an action like logging into the network is being done by a friend or a foe. While this makes the network more secure, it also can create obstacles for traveling and remote employees. An attempted login from China may be threat actors, it may also be Steve from marketing checking his email while visiting Shanghai with his family.

High Risk Means High Security

This is where adaptive authentication comes in. Many companies use systems that analyze the risk of a login attempt based on different factors. Is the login coming from a known device? Is it coming at a strange time? Where in the world is the login attempt originating from? By gauging the risk of a login attempt, the system can request more stringent security measures for situations with greater risk. In order to best understand the effectiveness of these measures, businesses can look at extreme cases to see if their system can provide secure access from anywhere.

Take Zoe Stephens, the woman who was stranded on Tongo during the pandemic. And for the sake of this example, her laptop was lost in transit by the airline. How can a company confirm her identity if she attempts to login into their network from a public library in Tongo? This scenario would set off red flags for any security system.

Something You Are

The key here is the necessity to accurately verify the identity of a person. While some MFA methods rely on things that you have, like a laptop or hardware token, and some rely on things that you know, like a simple password, the company, in this instance, needs to be confident that they are not only verifying a device or a piece of knowledge but the person themselves. Some things are immutably us — our face, our fingerprints, palm prints, and our voice, which cannot be stolen by hackers and aren’t dependent on the device we are using. These biometric measurements can prove that we are whom we say we are in situations where everything else about the login process is abnormal.

With a centralized biometric system, it is possible to say with a higher degree of certainty that a user is whom they claim to be from anywhere in the world. By storing a biometric measurement centrally, the company can compare the thing that makes a person uniquely them to a template, like a lock and key. This can be used to prove that person’s identity across any device, from anywhere in the world.

Anticipating the Unknown

Companies must embrace the idea that work can be done from anywhere and that unusual use cases will occur. Just ask any of the people on the 116,000 flights which have already been canceled in 2022. There need to be ways to authenticate users in those risky cases with confidence. Centralized biometric systems provide a method for identity verification that is free from device dependency and secure even in high-risk login situations. Whether on the ground or in the air biometrics rely on the only thing that matters — the measurements that make you, you.

As post-pandemic business and personal travel ramps back up and hybrid and remote work remain the norm, now is a good time to take a hard look at how companies facilitate access for their users wherever they may be.

This article originally ran in Security, a twice-monthly security-focused eNewsletter for security end users, brought to you by Security magazine. Subscribe here.