"Like all binary authentication, such as password, knowledge-based authentication, and vulnerable two-factor authentication factors such as SMS, biometrics can fall victim of account takeover," says Fausto Oliveira, principal security architect at Acceptto. "Consequently, IT departments must apply the same rigor for the deletion of biometrics as clearing passwords when employees leave."
Oliveira points out that a strong policy surrounding identity and how it is treated when an employee leaves a company for any reason makes for a situation that can be automated, resulting in a process that requires relatively little human intervention.
"[Otherwise] it leaves the organization in an uncertain state, without the ability to audit what is enforced in which systems, where there is no correct way to measure the risk associated with credentials that may have been left behind in the assets," he says.
Read the full article here