What is Biometric Authentication?
Biometric authentication is a form of security that measures and matches biometric features of a user to verify that a person trying to access a particular device is authorized to do so. Biometric features are physical and biological characteristics that are unique to an individual person and can be easily compared to authorized features saved in a database. If the biometric features of a user trying to access a device match the features of an approved user, access to the device is granted. Biometric authentication can also be installed in physical environments, controlling access points like doors and gates.
Common types of biometric authentication are increasingly being built into consumer devices, especially computers and smartphone. Biometric authentication technologies are also being used by governments and private corporations in secure areas, including at military bases, in airports, and at ports of entry when crossing national borders.
Common Types of Biometric Authentication
- Fingerprint Scanners: Fingerprint scanners, the digital version of old-fashioned ink and paper fingerprinting, rely on recording the unique patterns of swirls and ridges that make up an individual's fingerprints. Fingerprint scanners are one of the most common and accessible modes of biometric authentication, though consumer-grade versions, such as those found on smart phones, still have the potential for false positives. Newer versions of fingerprint scanning move beyond fingerprint ridges and below the skin to assess the vascular patterns in people's fingers, and may prove more reliable. Despite their occasional inaccuracy, fingerprint scanners are among the most popular and utilized biometric technologies for everyday consumers.
- Facial Recognition: Facial recognition technology relies on matching dozens of different measurements from an approved face to the face of a user trying to gain access, creating what are called faceprints. Similar to fingerprint scanners, if a sufficient number of measurements from a user match the approved face, access is granted. Facial recognition has been added to a number of smart phones and other popular devices, though it can be inconsistent at comparing faces when viewed from different angles, or when trying to distinguish between people who look similar, such as close relatives.
- Voice Identification: Vocal recognition technologies measure vocal characteristics to distinguish between individuals. Like facial scanners, they combine a number of data points and create a voiceprint profile to compare to a database. Rather than "listening" to a voice, voice identification technologies focus on measuring and examining a speaker's mouth and throat for the formation of particular shapes and sound qualities. This process avoids the security issues that could be caused by attempts to disguise or imitate a voice, or by common conditions such as sickness or time of day that might change the audial qualities of a voice to a human ear. The words a user speaks to access a voice-protected device may also be somewhat standardized, serving as a sort of password and making the comparison of approved voiceprints to a user's unique voiceprint easier, as well as foiling particular ways to bypass voiceprint comparison, such as recording an authorized user saying something unrelated.
- Eye Scanners: Several types of eye scanners are commercially available, including retina scanners and iris recognition. Retina scanners work by projecting a bright light towards the eye that makes visible blood vessel patterns which can then be read by the scanner and compared to approved information saved in a database. Iris scanners operate similarly, this time looking for unique patterns in the colored ring around the pupil of the eye. Both types of eye scanners are useful as hands-free verification options, but can still suffer inaccuracies if subjects wear contact lenses or eye glasses. Photographs have also been used to trick eye scanners, though this method is likely to become less viable as scanners become more sophisticated and incorporate factors like eye movement into their verification schemes.
Biometric authentication methods may also serve as a form of two-factor authentication (2FA) or multi-factor authentication (MFA), either by combining multiple biometric patterns or in conjunction with a traditional password or secondary device that supplements the biometric verification.
Biometrics do still face some obstacles to widespread consumer adoption. Certain biometric technologies are very complicated to program, install, and use, and may require educating consumers to assure they are used correctly.
Security updates are critical to ensure that biometric data and functions continue to work properly. Error rates are still a problem with some biometric measures as well, and frustration with errors may make consumers less likely to adopt biometrics into everyday usage patterns. Despite these risks, biometric authentication is increasingly gaining acceptance across a number of industries that rely on security, and are likely to continue becoming more common in consumer-grade devices and applications.
Ready for the next step?
See More Resources