In the wake of increasing data breaches enabling cyber criminals to steal personally identifiable information of millions of users around the globe, organizations are increasingly looking to use biometric-based authentication systems. Behavioral biometrics is an extension of the same.
Biometric-based authentication systems use voice, iris, vein, retina scans, signature, and even the shape of an individual’s ear to ascertain the true identity of a user. Of these, fingerprints and facial recognition features are already being widely used in today’s smartphones. When it comes to adoption, users are quite comfortable using biometric-based authentication as has been corroborated by an IBM study that says 67% respondents are comfortable and 87% are ready to consider them in the future.
The flip side
However, the coin has the flip side too. While these biometric techniques have enabled businesses to step up authentication, cyber criminals have found a way to get around them. For instance, cyber criminals have reportedly stolen fingerprints and other biometric data in the past and made copies to fool the biometric scanners. Cyber criminals have also come to exploit social media to their advantage. They pick up profile pictures of users and then use them to fool the facial recognition authentication systems.
Recently, it has been revealed that the hard-to-crack biometric technique—vein recognition—is no silver bullet either. Security researchers managed to spoof a palm-vein biometric reader. All it took the researchers to expose the vulnerability of this seemingly in-surmountable technique was a fake hand made out of wax and a modified camera.
Given that cyber criminals have found a way around physical biometrics, it is time to consider behavioral biometrics that provides understanding of the subtle behavioral patterns of the users. These include the way a user holds the phone, exerts pressure on the keys, or the brain wave patterns when a user is thinking. These patterns are unique to users and as such difficult to fake, although not entirely impossible.
To strengthen their security posture, organizations can consider including behavioral biometrics as part of the overall security strategy.
The article has been written by Neetu Katyal, Content and Marketing Consultant
She can be reached on LinkedIn.