Authentication; Biometry vs. Behavioural analysis

behavioural biometrics signing for authentication

As with all authentication and security measures, the best ones are the ones that are actually used. A major barrier for most end-users is the hassle of passwords, PINs, using VPNs, certificates etc. Biometry and behavioural analysis both aim high for ease-of-use by being as invisible as possible. Rather than being foolproof and unhackable walls, they aim to raise the level of security from “nothing” to “something”.

The everyday use of biometry in authentication has been around for a decade or so, and continues to grow. The first laptop with a fingerprint reader was released around the turn of the millennium, and recently Apple released the Vision Framework that allows iOS apps to utilize face recognition. In essence, it’s a way to make authentication convenient and more or less invisible. When compared to other forms of authentication, biometry wins out by the fact that forgetting or misplacing your body parts is very unlikely.

How unique is a fingerprint?

However, among the weaknesses of fingerprint authentication one can mention that a smartphone with a single registered fingerprint usually gets a false match once in 50 000. Good odds, but most people usually register more than one finger, and the phone will take around ten images of every finger. All of a sudden, creating a “masterprint” that would be able to unlock about 10% of all iPhones is right around the corner. So, is behavioural analysis any better?

Behavioural analysis

Well, not necessarily. Behavioural analysis in authentication terms can include tracing a person’s geographical movements, purchasing habits and online history. It can be completely invisible to the user, but can be considered quite invasive of a person’s privacy. With the European Union’s GDPR in effect, to perform such tracing requires the user’s consent.

As for weaknesses; it’s all a rather inexact science based on more or less public information. If a hacker can figure out something about a person’s hobbies, where he or she works and lives, the hacker can probably make a good attempt at imitating the user’s behavioural analysis patterns. With this in mind, it is easy to understand why behavioural analysis often is used in fraud prevention rather than authentication.

Behavioural biometrics

However, to make things a bit more confusing, there’s also a new hot topic named “behavioural biometrics”. This encompasses things like the speed and force used by a person when typing on a keyboard or using a mouse. This kind of behavioural analysis is both more personally unique, as well as harder to imitate by an attacker.

That is why this is probably something we will see more of in the near future. The demand for more user-friendly security solutions is huge, because, as said, no matter how secure a solution is, it does not work if it is not used.

To learn more, contact us today; | +46 31 10 23 60