Behavioral biometrics: the future of online authentication
Biometric authentication - using the human body's unique attributes to prove an individual's identity – has become increasingly common in recent years.
Around the world, millions of people have become accustomed to using their fingerprints, eyes, and faces, in particular, to authenticate themselves when making payments, traveling through airports, and even voting in national elections.
The growth in the use of biometrics over the coming years is likely to be driven particularly by sales of smartphones with built-in fingerprint sensors – more than a billion are forecast to be shipped in 2018.
But the world of digital security never stands still. Cybercriminals are constantly testing the integrity of authentication technology, and even biometric identification methods may be vulnerable.
That's where behavioral biometrics comes in.
How do you do it?
Whereas standard biometrics rely on a part of your body, behavioral biometrics use the unique way you do something to authenticate you.
The main examples of this technology that are currently being developed analyze your gait (the way you walk) and your typing style (speed, keypad pressure, finger positioning, and so on).
Voice recognition technology is also sometimes classed as a form of behavioral biometrics.
This isn't actually a new form of authentication.
When the telegraph was in common use as a means of communication (for almost a century from the 1850s), operators could be recognized by how they transmitted the dots and dashes used in Morse Code.
In today's digital world, behavioral biometrics has the advantage of using something unique to the individual without requiring any change in the user experience.
Moreover, while traditional biometrics usually only address security at the point of login, behavioral biometrics can provide continuous authentication throughout the user's online journey.
Multiple choices
As with most digital security forms, behavioral biometrics is most effective when combined with other forms of authentication. For example, systems that use multi-factor authentication for mobile payments made in stores have been developed.
First, how the person making the purchase uses their phone (for example, how much pressure they use when typing). This information is then combined with the device's IP address and location as part of the authentication process.
For example, if a request to access an account doesn't originate from a phone associated with the phone number on file for that user, the transaction can be refused. Similarly, if the user is logging in from a location known for hacker activity, access can be blocked or stronger authentication requested.
Only if all the authentication measures match will the system confirm that the purchaser is authorized to make this payment.
Although this kind of multi-factor authentication process relies on huge amounts of data and complex algorithms, it all happens in the cloud. In a matter of moments, the experience for the consumer is frictionless.
This is crucial – if authentication solutions are not simple and convenient, they are unlikely to gain widespread acceptance.
The next step
The shift from simple biometrics to behavioral biometric authentication is already underway. Analysts at market research company Technavio forecast that the global behavioral biometric market will grow at a compound annual growth rate of 17.34% between 2016 and 2020.
As more and more products and services move online, the demand for watertight authentication technology will only increase.
As the next step in the evolution of personal identification that began with physical signatures and moved on to PINs and then fingerprint recognition with liveness detection, behavioral biometrics looks set to become a familiar feature of our lives in the coming years.
Related contents:
- Best practice to reduce drawbacks of biometrics
- The future of digital banking authentication: passkeys