Biometric Authentication Is The Future; But Also The Past
Password authentication has long been the go-to method for securing online accounts, but password-based authentication has its limitations.
Passwords can be easily forgotten, stolen, and sometimes guessed or brute-forced which puts our online lives and sensitive information at risk. Although password managers and multi-factor authentication have been used to patch the security gaps presented by passwords, the approach presents fundamental flaws.
Biometric authentication, on the other hand, is a futuristic technology that uses each person’s unique biological characteristics, such as fingerprints, voice, face, and even their movement patterns to verify their identity.
The expectation is that science fiction is correct and we won’t have to use passwords in the future. However, can biometric authentication really stand up to the test and become the dominant long-term secure authentication solution?
Biometric authentication offers several advantages. First, it provides a higher level of security by relying on unique biological features that are technologically difficult to replicate or fake. Second, it is more convenient for users, as they do not need to remember a long list of complex passwords or go through the hassle of resetting them. Instead they just need to be themselves. Thirdly, biometric authentication can also be faster than traditional authentication methods, as it takes place almost instantly without the need for typing in a password.
In addition to these benefits, biometric authentication has also penetrated various industries such as banking, healthcare, and law enforcement.
For example, it can be used to secure medical records, prevent identity theft, observe your buying patterns, and identify criminals through facial recognition technology.
Another interesting way to think about biometric identification is that it’s actually older than advanced technology itself. We tend to think about biometric authentication as a futuristic technology – the invention of science fiction and spy movies – but the fact is that biometric authentication has been around as long as society.
Facial recognition doesn’t need a computer to work; a security guard sitting at a desk can do a fairly good job at recognizing who lives or works in a building and who doesn’t. However, technology driven forms of biometric identification offer many more secure, reliable, convenient, and efficient solutions.
As technology continues to evolve, we can expect to see even more advancements in biometric authentication that will further enhance its usability and security.
The market for biometric systems had a value of around $43 billion in 2022. It is predicted that the market would grow quickly in the next years, reaching a value of 83 billion dollars by 2027. Check the graph below for the exact details.
Types of Biometric Authentication
There are several types of biometric authentication, each relying on different biological characteristics to verify a user’s identity. Here are some of the most common types of biometric authentication and a description of the technology used to support them.
Fingerprints have long been a convenient way to identify people. In fact, fingerprints as evidence in a criminal investigation occurred in Argentina in 1892. Today, this type of biometric authentication scans the unique ridges and valleys on a person’s fingertips to verify their identity.
Most cell phones these days come with a fingerprint reader and we are all used to bypassing our mobile phone’s pin number with our thumb to unlock our phone. Fingerprint-based biometric authentication has become a popular method of securing a wide range of devices and services such as:
- Smartphones: Many smartphones, such as Apple’s iPhone and Samsung’s Galaxy series, feature fingerprint scanners that can be used to unlock the device, log into apps, and authenticate mobile payments.
- Laptops: Some laptops, such as Apple’s Macbook Pro, Lenovo’s ThinkPad, and Microsoft’s Surface Pro, feature fingerprint scanners that can be used to log in to the device and authenticate online accounts.
- Door Locks: Biometric door locks that use fingerprint authentication are becoming increasingly popular for homes and businesses, offering a more secure and convenient way to access a property than a 4 digit passcode.
- USB Drives: Some USB drives, such as the Kingston DataTraveler Locker+ G3, feature fingerprint scanners that can be used to unlock the device and access encrypted files.
- Payment Systems: Many payment systems, such as PayPal and Venmo, offer fingerprint authentication as a more secure way to verify transactions and prevent fraud.
- Time Clocks: Fingerprint-based time clocks are becoming popular for businesses that want to automate employee time tracking and forgo the old fashioned paper punch-card or force their employees to remember yet another ID number.
- Healthcare Devices: Some healthcare devices, such as blood glucose monitors, offer fingerprint authentication as a more secure way to access patient data and prevent unauthorized access.
- Automobile Keys: Tesla is reportedly going to allow iPhone owners to use their device’s fingerprint recognition Touch ID sensor as a key to unlock and start their cars.
Recognizing someone’s face is the oldest form of authentication in human society. The security guard at an apartment building often knows the residence personally, and bouncers at the local pub are tasked with comparing each young patron’s likeness to a driver’s license.
However, the modern version of facial recognition uses sophisticated algorithms to analyze and compare the unique features of a person’s face, such as the distance between the eyes, the shape of the nose, and the contours of the jawline.
This type of biometric authentication can be done using a basic 2D camera or a 3D scanner. Facial recognition-based biometric authentication is becoming increasingly popular, especially in the field of security and surveillance.
Here is a list of products that incorporate facial recognition-based biometric authentication:
- Smartphones: Many smartphones, such as Apple’s iPhone X and Samsung’s Galaxy S series, feature facial recognition technology that can be used to unlock the device and authenticate mobile payments.
- Laptops: Some laptops, such as the Dell Latitude 7400 2-in-1 and Lenovo Yoga 9i, feature facial recognition technology that can be used to log in to the device and authenticate online accounts.
- Security Cameras: Facial recognition is being incorporated into security cameras and surveillance systems, allowing law enforcement to quickly identify and track suspects.
- Payment Systems: Modern payment systems, such as Mastercard’s Identity Check, are using facial recognition to authenticate transactions and prevent fraud.
- Retail Stores: Some retail stores are using facial recognition to identify customers and offer personalized shopping experiences, and to identify repeat offender shoplifters to reduce loss due to theft.
- Airports: The next time you are at the airport don’t be surprised if you are stopped at a checkpoint on your way through customs and asked to stand in front of a computer terminal for a face scan. Many countries are adapting the technology to reduce the potential for identifying fraud and illegal immigration using stolen passports, or criminals buying passports from other people. Other than for security facial recognition being used at airports for security and immigration purposes, allowing travelers to more quickly and easily pass through checkpoints.
Iris Recognition and Retina Scanning
Scanning someone’s eyes is a next level authentication mechanism that most people have only ever seen in science fiction and spy movies. Here in reality, these technologies are only used for high security scenarios that require bulletproof accuracy such as biotech laboratories, data centers, and government facilities.
Iris recognition involves the use of the colored part of the eye, known as the iris, for identification. On the other hand, retina scanning involves the use of the unique pattern of blood vessels at the back of the eye, known as the retina, for identification.
In iris recognition, a high-resolution camera captures an image of the iris and uses software to identify unique features such as patterns, colors, and textures. In retina scanning, a low-intensity infrared light is used to capture an image of the retina, and the unique pattern of blood vessels is analyzed.
Iris recognition and retina scanning are both very accurate biometric technologies, however iris recognition is typically thought to be more accurate due to the higher degree of variability in our eye’s iris than in our retinal blood vessels.
Iris recognition is also generally considered to be more user-friendly than retina scanning, because it only requires the individual to look into a camera, while retina scanning involves the user placing their eye up close to a device for several seconds.
Voice recognition uses the unique characteristics of a person’s voice, such as pitch, tone, and accent, to verify their identity. After a person’s voice has been captured, it is analyzed and compared to a database of previously recorded voice patterns.
Voice recognition is actively used today for major banks and telecoms to combat identity theft fraud where attackers try to gain unauthorized access to someone’s account. Next time you call for support you may hear them notify you that your call will be recorded and used for voice recognition authentication. Considering the total costs of fraud these days, it makes sense that the bank wants to use every advantage they have to ensure they aren’t sending money to a criminal, or changing a customer’s account settings to benefit a cyberattacker.
The first commercial voice biometric system was developed by the UK-based company, Eureka, in 1994. Today, voice biometric technology can be used to detect emotional states, such as stress or anxiety, based on changes in a person’s voice.
In the future, voice biometrics will not only be used to tell people apart, but will also be used in healthcare to monitor patients’ emotional well-being remotely, or in security, where it could be used to detect when someone is behaving suspiciously.
This type of biometric authentication uses the unique behavioral patterns of a person, such as typing rhythm, mouse movement, and even the way they hold their phone, or walk down the street to verify their identity. A good old fashioned signature is another very common form of behavioral biometrics that humans have used for centuries to verify someone’s identity and authorization.
However, the modern version of biometric authentication consists of technology such as software that tracks and analyzes our patterns or movement and is more reliable for verifying someone’s identity than eyeballing a signature like your elementary teacher did to verify that you really missed class because you were sick.
Overall, biometric authentication is a very convenient way to verify the identity of users that doesn’t require any user cooperation or interaction. With advancements in technology, we can expect to see more sophisticated uses of biometric authentication in the future.
Can Biometric Authentication Be Defeated?
As biometric authentication becomes more widespread, concerns about the technology’s vulnerability to attacks and fraud have also increased. While biometric authentication is generally considered to be more secure than traditional password-based authentication, it is not foolproof or hack-proof.
But, in what ways can biometric authentication technologies be defeated today? And what developments in technology may put biometric authentication at risk of being defeated in the future?
First of all, it’s important to recognize that there might never be a perfect form of authentication. Afterall, is anything really perfect? Passwords certainly aren’t perfect by themselves, but combined with multi-factor authentication we can come close to implementing a bullet-proof authentication solution. That being said, here are some ways that technology can be used to defeat biometrics:
By creating a fake biometric sample, such as a replica of a fingerprint or a 3D-printed mask of a face, a biometric sensor can be tricked into falsely authenticating someone as the genuine user.
These attacks can be successful, especially if the biometric sensor is not sophisticated enough to detect the fake sample. Furthermore, if the biometric data can be stolen, cybercriminals can potentially use the data to impersonate the genuine user and gain access to protected resources.
Advances in machine learning and artificial intelligence have also made it possible to create high quality, realistic sounding fake videos and audio voice samples known as “deep-fakes”.
Deep-fakes are good enough to convince many people that the synthetic images or videos of a person are authentic. This means they might even be good enough to fool voice and facial recognition systems and undermine the security of biometric authentication systems that rely on facial or voice recognition.
Threats of Physical Harm
Finally, there is also a risk of coercion. As horrible as it sounds, an attacker could possibly force the user to provide their biometric data, by threatening them or their loved ones with physical harm.
While this type of forceful strategy can also be used to extract passwords, secrets, or even physical keys or tokens, it remains a concern that biometric authentication such as facial and voice recognition, fingerprints, and iris scans in most cases don’t provide any additional protection to stop the bad guy.
Wrapping It All Up
Biometric authentication is not actually such a new concept. People have been using simple facial recognition, signatures, and fingerprints to verify someone’s identity for a long time. Also, in the modern digital era, passwords present significant problems when it comes to protecting someone’s online accounts.
The introduction of password managers have made password-based authentication more secure by removing the burden of remembering a million complex passwords, but the fact is that passwords are also notoriously inconvenient.
Modern advanced technologies now offer numerous alternatives to this password authentication, such as fingerprint, facial, and voice recognition, eye scanning technologies such as iris recognition and retinal scanning, and behavioral biometrics.
Although they aren’t foolproof, in high-security scenarios, these biometric alternatives are already the preferred method of authentication, and in the future, biometric authentication will certainly continue to grow in popularity due to its increased accuracy and convenience.
But, as biometrics grow in popularity and find new use cases, they also protect an increasingly attractive amount of value. This value will lead criminals, hackers, and all ’round bad actors to look for new ways to defeat them and only time will really tell whether biometric authentication will stand the test of time.