BACKGROUND IMAGE: kentoh/Fotolia

E-Handbook:

Biometrics and beyond: Online authentication techniques get personal

Get started Bring yourself up to speed with our introductory content.

Are biometric authentication methods and systems the answer?

Biometric authentication methods, like voice, fingerprint and facial recognition systems, may be the best replacement for passwords in user identity and access management.

IT security teams are never in a fair fight: They must defend all possible entry points, while an attacker only...

needs to find and exploit one weakness or vulnerability to breach a network's defenses. This asymmetry highly favors attackers, particularly when it comes to networks and resources protected by inherently weak password-based authentication systems. As a result, many enterprises are moving to two-factor authentication because it makes credential abuse-based attacks less of a threat, as obtaining a valid password is no longer enough to gain access to a network or account.

However, two-factor authentication (2FA) schemes are only as secure as their weakest component. For example, hardware tokens depend on the security of the issuer or manufacturer; in 2011, security company RSA reported that its SecurID authentication tokens had been hacked. SMS-based 2FA has also been found to be vulnerable to a number of attacks, and the National Institute of Standards and Technology now recommends that it should no longer be used in 2FA tools.

The whys of biometric authentication methods

The presence of high-quality cameras, microphones, and fingerprint readers in modern devices is making biometric authentication methods and tools a viable option in 2FA. They offer frictionless authentication, and people are becoming familiar with using their fingerprint, voice or face to unlock computers and mobile devices; 16- to 24-year-olds actually feel more confident in the security of biometric authentication methods than PINs and passwords. Cars are also coming equipped with cameras and image sensors. Various manufacturers are already working on using facial recognition to replace the traditional car key.

A big advantage of behavioral biometrics is that the identifiers can be discreetly monitored in real time.

Several banks have introduced voice recognition -- a behavioral biometric as opposed to a physiological one like a fingerprint -- to offer a quick and easy way for customers to identify themselves. The technology can filter out background noise, detect voice recordings and is not confused by temporary changes to a voice caused by a blocked nose or sore throat. Voiceprints are made up of over 100 unique characteristics, such as pronunciation, emphasis, speed, accent and the influences of physical elements of a person's mouth and throat -- like the length of the vocal tract and the shape and size of the mouth and nasal passage.

A big advantage of behavioral biometrics is that the identifiers can be discreetly monitored in real time to provide continuous authentication, instead of a single one-off authentication check during login. By monitoring behaviors such as typing rhythm, mouse movements, voice, gait and gestures to see if anything looks suspicious, an attacker is put in the position where one mistake will give their presence away, completely reversing the asymmetric relationship between defender and attacker. It's similar to antifraud systems that compare a card purchase against previous spending patterns.

Advantages of biometric authentication methods

Because they eliminate the need to remember dozens of different passwords for different digital services, biometric authentication methods do generally improve the user experience. British multinational bank Barclays has said the time taken to verify customers' identities has fallen from 90 seconds to less than 10. Voice may well become the most common form of customer authentication, as voice command-based user interfaces make more sense than touch interfaces in many situations.

Yet like any form of authentication, overall security depends on how well these systems are implemented. Biometric behaviors are shaped by social and psychological factors that make them unique, but it's not impossible to fool a biometric check. An HSBC customer's twin brother managed to access his bank account when the system let him repeatedly attempt to mimic his voice. Biometric authentication may be the answer, but implementation is everything.

Next Steps

Learn how mobile fits in to a biometrics security strategy

Some experts still say 2FA is preferable to biometrics

The role of behavioral analytics in IT security

This was last published in August 2017

Dig Deeper on Biometric technology

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Do you believe biometrics are the best way to improve authentication security -- and if not, why?
Cancel
The best way to ascertain the most effective and efficient authentication method is acheived by evaluating the business application context to establish stakeholders' objectives which will then assist in determining functional, performance and assurance requirements.
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close