What is Biometric Authentication? Use Cases, Pros & Cons

Biometric authentication is a concept in data security. Biometric authentication solutions create a data-generated model that represents the individual. With ... ContactSales WhatisBiometricAuthentication? Biometricsisatechnicaltermtorefertohumans’physicalorbehavioraltraits.Biometricauthenticationisaconceptindatasecurity.Biometricauthenticationsolutionscreateadata-generatedmodelthatrepresentstheindividual.Withthatmodelandbiometricinformation,securitysystemscanauthenticateaccesstoapplicationsandothernetworkresources.Biometricauthenticationisquicklybecomingapopularcomponentofmultifactorauthenticationstrategies,becauseitcombinesastrongauthenticationchallengewithalow-frictionuserexperience.  PasswordsvsBiometrics–WhichisStronger? Usernamesandpasswordshavebeenafoundationalsecuritymeasurefordecades,butnolonger.Multiplehigh-profilebreachesatmajorfinancialandbusinessinstitutionshaveresultedinmillionsofusername/passwordcombinationsstolenandlistedforsaleontheDarkWeb.Combinethiswiththetendencytorepeatpasswordsacrossmultipleaccounts,andthescaleofthevulnerabilitybecomesmoreapparent. Biometricauthenticationsystemsarelessexposedtothisvulnerabilitybecausetheuser’sbiometricdataisunique.Itisverydifficultforanattackertofraudulentlyreplicateanindividual’sfingerprintorfacialrecognitionscanwhentakenbyrobustsolutionswithstrongliveness/spoofdetection,andyettakesonlyamomentfortheappropriateusertoauthenticate.Becauseofthis,biometricsareconsideredmoreconvenientthanpasswordsandmoresecure. AccordingtoGartner,“Biometricauthenticationcannotanddoesnotdependonthesecrecyofbiometrictraits,butinsteadreliesonthedifficultyofimpersonatingthelivingpersonpresentingthetraittoacapturedevice(‘sensor’).Thislatterpointisnotwidelyknown,leadingtosomecommonmisconceptions,reinforcedbylimitedpresentationattackdetection(PAD)inconsumerdevicesandpublicityaboutsuccessfulattacksagainstAppleTouchID,Samsungswipesensors,Androidfacerecognitionandsoon.”Thisshouldbeareassuringmessagetothoseskepticalaboutthelong-termviabilityofbiometricauthentication. Blog BiometricAuthentication:FiveMythsBusted Inthisblogwedispelfivemythsaboutbiometricstohelpfinancialinstitutionsevaluatethebenefitsofthetechnology. ReadMore TypesofBiometricAuthenticationMethods FacialRecognition Facialrecognitionisaverywell-knownformofbiometricauthenticationpopularizedinthemanyspydramasandsci-fitalesinpopularmedia.Truly,thistechnologyisrootedinourbiology.Weusefacialrecognitioneverydaytoidentifyourfriendsandfamiliesanddistinguishstrangers.Inauthentication,theprinciplesofthisprocessaredigitizedtoallowasmartphoneormobiledevicetorecognizeafaceinmuchthesameway. Facialrecognitionsoftwareanalyzesthegeometryoftheface,includingthedistancebetweentheeyes,distancebetweenthechinandnose,etc.,tocreateanencrypteddigitalmodelforyourfacialdata.Whenauthenticating,thefacialrecognitiontoolwillscanyourfaceinrealtimeandcomparethemodeltotheonestoredwithinthesystem.Thoughfacialrecognitionisevolving,therearestillsomerisksinvolved. Pros: Mobiledevicesarewidelyadoptedandmostifnotallofthemhaveacamera. Verylittlesetup.Withmostmodernmobiledevices, thesecapabilitiesareincludedasstandardfeatures. Facialrecognitionisamongthemoreconvenientbiometricauthenticationmodalities.Lookingintothedevice’scamerainvolveslessfrictionthanafingerprintscanorauthenticationcode. Cons: Notallfacialrecognitionsystemsarecreatedequally.Someareeasiertospoofthanothers. Device-nativesolutionsarenotaseffectiveasthird-partyorproprietarysolutions. Facialrecognitionsystemswith“activelivenessdetection”requiretheusertomovetheirhead,blinkorperformotheractionsinthemomenttoverifytherequest.Thisprocesscanbeeasierforanattackertoanalyzeandcircumventandcanmakeforanawkwarduserexperience whereas“passivelivenessdetection”occursbehindthescenes,sothatitdoesn’tgetinauser’swayandisharderforanattackertoidentifyandunderstand. FingerprintRecognition Lawenforcementofficershaveusedfingerprintsasaformofidentificationforyears.Afingerprintreaderoperatesonthesameprinciples,buttheentireprocessisdigitized.Everyone’sfingerprintsareuniquetothem.So,byanalyzingtheridgesandpatternoftheprint,fingerprintscannerscreateadigitalmodelwhichiscomparedagainstfutureattemptstoauthenticate. Pros: Usedinmanyindustries Amongthemostubiquitousmodalities Cons: Performancecansufferduetothequalityofthefingerprintorcurrentconditions,suchaswetordirtyfingers. EyeRecognition Contrarytopopularbelief,thereareactuallytwomethodsofscanningtheeyeforthepurposesofauthentication.Thescanleveragesirisrecognitionorretinarecognitiontoidentifyusers. Inaretinalscan,theauthenticatorshinesalightbrieflyintotheeyetoilluminatetheuniquepatternofbloodvesselsintheeye.Bymappingthispattern,theeyerecognitiontoolcancompareauser’seyesagainstanoriginal.Irisscansworksimilarly,buttheyanalyzethecoloredringsfoundintheiris. Pros: Insomeimplementations,eyerecognitioncanbeasfastandaccurateasfacerecognition(thoughlessuser-friendly). Cons: Itcanbedifficulttogetasampleforcomparisonwheninsunlight(pupilscontract). Dependingontheimplementation,itcanrequirespecializedhardware. VoiceRecognition Voicerecognitionanalyzesthesoundoftheuser’svoice.Eachperson’suniquevoiceisdeterminedbythelengthoftheirvocaltractandtheshapeoftheirnose,mouth,andlarynx.Allthesefactorsmakeanalyzingtheuser’svoiceastrongmethodofauthentication. Pros: Offersaconvenientauthenticationexperience Somesoftwareprovidesaphrasefortheuser Cons: Backgroundnoisecandistortrecordings. Thecommoncold,bronchitis,orothercommonillnessescandistortthevoiceanddisruptauthentication. Inpublicscenarios,apersonmayfeeluncomfortablespeakingoutloud(suchasonatrainorbus). BiometricAuthenticationUseCases Biometricauthenticationisbeingusedinawidevarietyofapplicationsacrossmanyindustries.Herearejustafewexamplesofhowtheseindustriesareemployingtheuseofbiometricstoimprovesafetyandefficiencyofexistingprocesses. TravelandHospitality: Selectairlinesandairportsareofferingtheirpassengerstheoptiontocheckintotheirflightusingfacialrecognition.Similarly,hotelsandhospitalitycompaniesarebeginningtoenableself-check-inusingbiometricauthentication. BankingandFinancialServices: Securityandauthenticationisessentialinmanyindustries,butparticularlysoinmobilebanking.Financialinstitutionsareleveragingbiometricauthenticationaspartoftwo-factorauthenticationormulti-factorauthenticationstrategytoprotectthebankanditscustomersfromaccounttakeoverattacks. Blog PasswordlessBanking:ADeeperLookatBiometricAuthenticationandLivenessDetection ArecentVisasurveyofU.S.consumersfoundthatthemajorityofrespondentspreferredbiometricauthenticationtopassword-basedauthentication.SeniorProductMarketingManager,SamBakken,exploreswhybiometricauthenticationmaybecomeindispensableforbanksusinganOctober2019Gartnerreport. ReadMore Healthcare: Biometricauthenticationintheformoffingerprintscanners,irisscanners,andfacialrecognitioncanhelphospitalsconfirmthepatient’sidentity,ensurecaregivershaveaccesstotherightmedicalinformation,andmore. BiometricsMythsBusted Thoughbiometricauthenticationsystemsaregainingpopularityinthesecurityspace,therearestillseveralprevailingmythsaroundbiometricsthatareslowingadoption.Herearefourofthemostsignificantmisconceptionsaroundbiometricauthentication: Myth–Biometrictechnologyisaninvasionofprivacy:Thereisasignificantdistinctionbetweenbiometricauthenticationoptionsthatrequiretheusertoopt-inandfacialrecognitiontechnologydeployedinpublicspaces.Biometricauthenticationsolutionsrequiretheuser’sconsentbytheirverynaturesincetheusermustfirstenrolltheirbiometric.Inaddition,photographicimagesoffacesarenotstoredinadatabase.Rather,amathematicalmodelofthefaceisencryptedandkeptonfileforcomparisonpurposes.Itisessentiallyuselesstoanattackerevenifitwerestolen.   Myth–Biometricidentificationcanbefooledbystaticimagesandphotographs:Thismayhavebeentrueinolderorlesssophisticatediterationsofauthenticationtechnology.However,modernbiometricauthenticationsolutionsincludelivenessdetectioncapabilitiesthatcandiscernwhetherthebiometrictraitpresentedisauthenticoramask,model,image,orevenavideo.Toauthenticate,theusermaybeaskedtoblinkorturntheirhead,butotherlivenessdetectioncapabilitiesworkentirelyinthebackground.   Myth–Biometricmodelsexpireastheuseragesorfeatureschange:Theconcernisthatasauserages,theirfacewillchangeslowlyovertimeuntilitnolongerregistersasamatch.Inbiometricauthenticationapplications,theuseristypicallyauthenticatingregularlyenoughthatthesesmallchangesinappearancewillnotbelargeenoughtoinvalidatethematch.Instead,themathematicalmodelwillbeupdatedasitrecognizeschangesinappearance. Biometricidentificationisonlyapplicableiftheuserisalreadyknown:Behavioralbiometricsanalyzethewaysinwhichanindividualuserinteractswiththeirdevice.Howtheyholdtheirphone,swipe,typeontheirkeyboard,andmorecanbeusedtodevelopaprofilewithwhichtoauthenticateauserordeterminerelativeriskofatransaction.Forexample,inanewaccountopeningscenario,behavioralbiometricscancomparetheapplicant’sbehavioragainstarepresentativepoolofusersto determinewhetherthenewapplicantappearstobeagenuine,legitimateuserorabotorattacker.  Learnmoreaboutbiometricauthenticationmythsinthisvideo:  Getintouchwithus Getintouchwithoneofoursecurityexpertstolearnmoreabouthowoursolutionscanhelpwithyourdigitalsecurityneeds ContactUs ContactSales Thiswebsiteusescookiestoimproveyouruserexperience,functionalityandperformanceandrenderourservices.Youcanfindourcookiepolicyat:https://www.onespan.com/cookie-policy/ OK,Iagree ContactUs ThankyouforyourinterestinOneSpan'sproductsandservices.Ifyouwouldliketolearnmore,orhavequestionsandwishtospeaktoarepresentative,pleasetakeamomenttocompleteourformandwewillcontactyoushortly. × PhoneComments IndustryInterest SelectCountry...*UnitedStatesUnitedKingdomCanadaAfghanistanAlandIslandsAlbaniaAlgeriaAmericanSamoaAndorraAngolaAnguillaAntarcticaAntiguaandBarbudaArgentinaArmeniaArubaAustraliaAustriaAzerbaijanBYBahamasBahrainBangladeshBarbadosBelgiumBelizeBeninBermudaBhutanBolivia,PlurinationalStateofBonaire,SintEustatiusandSabaBosniaandHerzegovinaBotswanaBouvetIslandBrazilBritishIndianOceanTerritoryBruneiDarussalamBulgariaBurkinaFasoBurundiCambodiaCameroonCapeVerdeCaymanIslandsCentralAfricanRepublicChadChileChinaChristmasIslandCocos(Keeling)IslandsColombiaComorosCongoCongo,theDemocraticRepublicoftheCookIslandsCostaRicaCoted'IvoireCroatiaCuraçaoCyprusCzechRepublicDenmarkDjiboutiDominicaDominicanRepublicEcuadorEgyptElSalvadorEquatorialGuineaEritreaEstoniaEthiopiaFalklandIslands(Malvinas)FaroeIslandsFijiFinlandFranceFrenchGuianaFrenchPolynesiaFrenchSouthernTerritoriesGabonGambiaGeorgiaGermanyGhanaGibraltarGreeceGreenlandGrenadaGuadeloupeGuamGuatemalaGuernseyGuineaGuinea-BissauGuyanaHaitiHeardIslandandMcDonaldIslandsHolySee(VaticanCityState)HondurasHongKongHungaryIcelandIndiaIndonesiaIraqIrelandIsleofManIsraelItalyJamaicaJapanJerseyJordanKazakhstanKenyaKiribatiKorea,RepublicofKuwaitKyrgyzstanLaoPeople'sDemocraticRepublicLatviaLebanonLesothoLiberiaLibyaLiechtensteinLithuaniaLuxembourgMacaoMacedonia,theformerYugoslavRepublicofMadagascarMalawiMalaysiaMaldivesMaliMaltaMarshallIslandsMartiniqueMauritaniaMauritiusMayotteMexicoMicronesia,FederatedStatesofMoldova,RepublicofMonacoMongoliaMontenegroMontserratMoroccoMozambiqueMyanmarNamibiaNauruNepalNetherlandsNewCaledoniaNewZealandNicaraguaNigerNigeriaNiueNorfolkIslandNorthernMarianaIslandsNorwayOmanPakistanPalauPalestine,StateofPanamaPapuaNewGuineaParaguayPeruPhilippinesPitcairnPolandPortugalPuertoRicoQatarReunionRomaniaRussianFederationRwandaSaintBarthélemySaintHelena,AscensionandTristandaCunhaSaintKittsandNevisSaintLuciaSaintMartin(Frenchpart)SaintPierreandMiquelonSaintVincentandtheGrenadinesSamoaSanMarinoSaoTomeandPrincipeSaudiArabiaSenegalSerbiaSeychellesSierraLeoneSingaporeSintMaarten(Dutchpart)SlovakiaSloveniaSolomonIslandsSomaliaSouthAfricaSouthGeorgiaandtheSouthSandwichIslandsSouthSudanSpainSriLankaSurinameSvalbardandJanMayenSwazilandSwedenSwitzerlandTaiwan,ProvinceofChinaTajikistanTanzania,UnitedRepublicofThailandTimor-LesteTogoTokelauTongaTrinidadandTobagoTunisiaTurkeyTurkmenistanTurksandCaicosIslandsTuvaluUgandaUkraineUnitedArabEmiratesUnitedStatesMinorOutlyingIslandsUruguayUzbekistanVanuatuVenezuela,BolivarianRepublicofVietnamVirginIslands,BritishVirginIslands,U.S.WallisandFutunaWesternSaharaYemenZambiaZimbabwe SelectState...*AlabamaAlaskaArizonaArkansasCaliforniaColoradoConnecticutDelawareFloridaGeorgiaHawaiiIdahoIllinoisIndianaIowaKansasKentuckyLouisianaMaineMarylandMassachusettsMichiganMinnesotaMississippiMissouriMontanaNebraskaNevadaNewHampshireNewJerseyNewMexicoNewYorkNorthCarolinaNorthDakotaOROhioOklahomaPennsylvaniaRhodeIslandSouthCarolinaSouthDakotaTennesseeTexasUtahVermontVirginiaWashingtonWestVirginiaWisconsinWyoming SelectProvince...*AlbertaBritishColumbiaManitobaNewBrunswickNewfoundlandandLabradorNorthwestTerritoriesNovaScotiaNunavutOntarioPrinceEdwardIslandQuebecSaskatchewanYukon SelectanIndustry...*Aerospace/DefenseAutomotive/AutofinanceFinancialServicesPaymentServicesBankingBanking-RetailBanking-CorporateBanking-WealthCreditUnionConstructionEducationEntertainmentFood&BeverageGovernmentGovernment-FederalGovernment-State&LocalGovernment-DefenseHealthcareHospitality&TourismHRServices/HumanCapitalServicesInsurance-GeneralInsurance-HealthInsurance-LifeInsurance-ReinsuranceInsurance-AgencyLegalManufacturingMediaNon-profitOil&GasOnlinegamingPharmaceuticals&ResearchRealEstateRetailServicesTransport&LogisticsTechnologyTechnology/ICTTechnology-FinTechProviderTechnology-SoftwareDevelopmentTechnology-IntegratorTechnology-DistributionTelecomUtilities/EnergyOther IdentityVerificationAgreementAutomationSignatureAccountOpeningAuthenticationFraudAnalysisMobileAppSecurity Consentbox IwouldliketoreceivecommunicationsfromOneSpanandconsenttotheprocessingofmypersonaldata.IunderstandImayunsubscribeatanytime. Toviewhowweprocessandmanageyourpersonalinformation,pleasevisitourPrivacyStatement. SubmitWrapper Submit Leavethisfieldblank Lookingfortechnicalsupport? Forcurrentclientsseekingtechnicalsupport,pleasecallourtechnicalsupportcenterinyourregionorlogintooursupportportal.