What is Biometric Authentication?
Biometric authentication, or Biometric 2FA, refers to the identification of humans by their characteristics or traits. Biometric identifiers are often categorized as physiological versus behavioural characteristics. Physiological characteristics are related to the physical characteristics of a person, such as fingerprint, face recognition, iris recognition, etc. Behavioural characteristics are related to the pattern of behaviour of a person, such as typing rhythm, voice, etc.
Biometric factors contain a large number of unique data points that require sophisticated technology to manipulate, which most imposters don’t have access to. Because of this, many organizations regard biometric authentication as one of the strongest, if not the strongest, method for authenticating users.
Biormetric authentication are not as widely used as other types of authentications such as one-time password (OTP) in multi-factor authentication (MFA), becuase its cost in deployment, enrollment and maintenance is relatively much higher than the others. However, more organisations are adopting biometric authentication because it is more secure and user friendly than the others.
Pros of Biometric Authentication
- Secure - The data that biometric authentication uses has such a large number of variations from one person to the next that it is nearly impossible to be replicated or fabricated.
- Convenient - With biometric authentication, users do not need to carry extra security device (keyfobs, tokens or cards etc). All they need to do is to present their biometric factor (face, fingerprint, voice, etc)
Cons of Biometric Authentication
- Unrecoverable if compromised - Although biometric data is nearly impossible to fabricate, it can still be done. Once a biometric data is stolen, that specific factor can never be used again. For instance, if a user's fingerprint data is stolen and compromised, then the user can never use that fingerprint again.
- Privacy concerns - As biometric authentication use personal data, one of the main concerns is how the operators of the systems, corporations and/or governments, may use that data.