List: Passwords are already being replaced with authentication methods which are harder to crack.
Every human has a set of innate characteristics, and as our online security needs change technology companies are beginning to take advantage of them in authentication.
CBR looks at five of the most important biometrics and their advantages and disadvantages.
Voice is what is called a dynamic biometric, which means that each person’s changes over time. Unlike somebody’s DNA, their voice will change dramatically as part of the natural process of aging.
An innate advantage is that proximity is not required to authenticate through voice.
People often say the same words in different ways, meaning that even on a day-to-day basis the voice biometric shifts.
According to Nuance’s Brett Beranek, Senior Principal Solutions Marketing Manager for Enterprise at Nuance, which specialises in voice biometrics, this changing does not alter the underlying physical characteristics of the voice.
If somebody catches a cold, however, this could affect their larynx and alter these physical characteristics, meaning that the right person could be unable to authenticate.
It has been more challenging to get the technology right because of the need to account for the variations, says Beranek, but the variations are what make the biometric so robust.
It is possible to create a voice print simply by saying, for example, a certain phrase. However, if this is compromised, a new voice print can be created simply by having the individual saying something else.
Beranek stresses that due to the fluid nature of this biometric, it is important to provide a method to remediate it if it fails.
TalkTalk has announced that voice biometrics will be used in place of passwords following a high-profile cyber-attack last year.
The iris, the coloured part of a person’s eye surrounding the pupil, is generally a highly trusted biometric. The complex and random patterns in each person’s iris are unique, making it accurate, easy and quick to test.
Since the eye is an externally visible organ, the iris can be matched using a photograph.
Iris scanners were launched at several UK airports in 2004, and were deployed by Heathrow, Gatwick, Birmingham and Manchester. However, they were eventually scrapped after they were believed to take longer than standard passport checks. Companies such as EyeLock argue that iris scanning will be useful to applications such as the internet of things and driverless cars.
It is a static characteristic, which means that each person can only ever have two different iris images.
The equipment used for iris scanning can require a large amount of storage. It also requires a high degree of proximity.
Fingerprint scanning is one of the most economical biometrics; the technology required is not particularly expensive.
It is also highly portable; only a small camera is required to capture the fingerprint image, meaning that it can be built into mobile devices such as smartphones or wearables.
This makes it a good authentication method for mobile applications on devices where this hardware is available. Password authentication on mobile is generally fairly cumbersome due to the limited typing functionality of the devices.
Apple Pay is one of the most mainstream uses of fingerprint technology in a consumer context; the user simply places their finger on the pad and holds the device up to an NFC terminal to authenticate it.
The fingerprint is another static biometric, meaning that in adult life it is not subject to constant variation. However, it can still change with variations in temperature. It is also not a particularly suitable biometric for children, whose fingerprints change.
4. Facial recognition
Facial recognition is a fairly non-intrusive and cheap technology.
The smartphone is fairly well-suited to performing facial recognition; due to the general public’s penchant for taking ‘selfies’, the front-facing camera on smartphones has received extensive investment from device-makers.
People can therefore look at the device’s screen and determine whether the camera is taking an image of the right part of their face.
Facial recognition is now used at some UK airports at the e-Passport gates. It is also used in MasterCard’s selfie-based payment app.
A possible disadvantage is that the image can be affected by changes in lighting. It is a dynamic biometric, meaning that it will change as a person ages, cuts their hair or puts on glasses.
DNA testing is immensely hard to fool and likely to be accurate, considering that 0.10 percent of a person’s entire genome is unique to them. The chance of 2 individuals sharing the same DNA profile is less than one in a hundred billion if 26 different bands are studied.
However, sophisticated and expensive technology is required to conduct even a basic DNA test. Obviously, since it requires a physical sample, it requires the person to be physically present with the testing equipment and can be a very intrusive way of testing.
There have been steps to develop portable equipment to conduct DNA tests, however. At a 2015 American Association for Clinical Chemistry event, researchers presented a low-cost platform to detect chlamydia that integrates sample preparation, DNA amplification and data processing in an instrument the size of a coffee mug.
The analysis unit integrates with a smartphone, allowing the user to control the platform and process the data with an app.
While it is a different application, the invention suggests that it is possible to build a portable testing unit.