The confusion might be from the use of the word "biometry," which sounds similar to biometrics, interchangeably with biostatistics. But biostatistics, again, also called biometry, is the application of statistics to biology, particularly in the fields of medicine and agriculture.
Further adding to the confusion, biometry used to be called biometrics during the early 20th century and is still called so even now from time to time, particularly by the International Biometric Society, a trade group promoting biostatistics.
That confusion aside, biometrics – as commonly known in the IT security field – is a type of authentication system. Biometrics uses the physical characteristics of an individual, such as their fingerprint, iris, face or voice pattern, to authenticate to a computer system.
Biometrics is one of the three factors of authentication. The three factors are something you know, something you have or something you are. Something you know would be something the user memorizes like a user ID or password. Something you have would be a card or device with authentication credentials that the user carries, like a smart card or one-time password (OTP) token. Biometrics is the third factor, something you are, such as the physical characteristics just mentioned.
The three factors can be used individually, in what is called a single-factor system, or combined in what would be called multifactor authentication. The idea behind multifactor authentication is that it's a multi-layered defense. If a malicious user breaks one factor, they'd still have to break the second or third to gain access.
For more information:
This was first published in February 2008