Biometrics … All Good?

Author: Colin Whittaker

Aiming to provide convenient and effective security with biometric authentication

Biometric authentication is increasingly in the news as vendors compete with alternative approaches to knowledge-based methods for identity verification (for example, in relation to financial services applications). 

The goal is to provide convenient and effective access security without the pain of password management.

Biometric traits

The good news is that there are many biometric traits which are sufficiently unique to theoretically distinguish between individuals …

  • Fingerprint
  • Voice
  • Face (geometry / thermogram)
  • Ear (geometry)
  • Hand (palm-print / geometry / vein / thermogram)
  • Dynamics (Gait / Keystrokes / Signature)
  • Iris
  • Retina
  • DNA
  • Odour
  • Cardiac rhythm / pulse

… though DNA cannot be used to distinguish between identical twins.

These clearly vary in terms of their suitability for mobile / wearable applications, but the technical practicalities of collecting, analysing and storing the most useful of these (fingerprint, voice, face) have now largely been solved.

Improvements in AI and smart device technology

The ‘matching performance’ of biometric technology has steadily improved as sensor resolution, computing power and AI technology have evolved – particularly in smart devices.

Although biometric matching error rates (false matches and false non-matches) are rarely published, the available evidence is that while unimodal (single trait) biometric matching accuracy is less than the ‘six sigma’ threshold (99.997%), multimodal matching (using a combination of traits) can improve significantly on this.
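How much a second trait helps depends on how the two results are combined. The Python sketch below is an added example, not part of the original article: it compares AND, OR and score-sum fusion of two traits against the 99.997% figure. The score distributions and thresholds are constructed for illustration, and it assumes normally distributed, statistically independent match scores.

```python
from math import sqrt
from statistics import NormalDist

# The page's 'six sigma' accuracy threshold (99.997%), expressed as an error rate.
SIX_SIGMA_ERROR = 1 - 0.99997

def rates(genuine, impostor, threshold):
    """Return (false match rate, false non-match rate) at a decision threshold."""
    fmr = 1 - impostor.cdf(threshold)   # impostor scores above the threshold
    fnmr = genuine.cdf(threshold)       # genuine scores below the threshold
    return fmr, fnmr

def and_rule(a, b):
    """Decision fusion, both traits must match: FMR falls, FNMR rises."""
    return a[0] * b[0], 1 - (1 - a[1]) * (1 - b[1])

def or_rule(a, b):
    """Decision fusion, either trait may match: FNMR falls, FMR rises."""
    return 1 - (1 - a[0]) * (1 - b[0]), a[1] * b[1]

def sum_rule(trait_a, trait_b):
    """Score fusion: add both scores, threshold midway between the summed means."""
    (gen_a, imp_a), (gen_b, imp_b) = trait_a, trait_b
    gen = NormalDist(gen_a.mean + gen_b.mean, sqrt(gen_a.variance + gen_b.variance))
    imp = NormalDist(imp_a.mean + imp_b.mean, sqrt(imp_a.variance + imp_b.variance))
    return rates(gen, imp, (gen.mean + imp.mean) / 2)

# Constructed score models (genuine, impostor); not measured data.
FINGERPRINT = (NormalDist(0.78, 0.07), NormalDist(0.29, 0.07))
VOICE = (NormalDist(0.80, 0.08), NormalDist(0.24, 0.08))

def compare():
    """Error rates for each trait alone and for the three fusion rules."""
    finger = rates(*FINGERPRINT, threshold=0.535)
    voice = rates(*VOICE, threshold=0.52)
    return {
        "fingerprint": finger,
        "voice": voice,
        "AND": and_rule(finger, voice),
        "OR": or_rule(finger, voice),
        "sum": sum_rule(FINGERPRINT, VOICE),
    }

if __name__ == "__main__":
    for name, (fmr, fnmr) in compare().items():
        verdict = "meets" if max(fmr, fnmr) <= SIX_SIGMA_ERROR else "misses"
        print(f"{name:12s} FMR={fmr:.2e} FNMR={fnmr:.2e} {verdict} 99.997%")
```

With these constructed inputs, AND and OR fusion each improve one error rate at the expense of the other, while score-sum fusion lowers both.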

Presently, biometric authentication (especially multimodal) can provide a convenient (and low-maintenance) method of securing access to financial / banking applications – but may need to be supplemented by more traditional password-based authentication for high-value / high-impact interactions.

The combined benefits of passwords and biometrics

Strong passwords have their role to play: Over 8 billion* unique passwords can be generated from just 5 characters, and over 7 quadrillion** from just 8 characters.  

The fact is that both (biometrics and passwords) are imperfect (i.e. can be intercepted/discovered and copied).

Passwords are ‘private’/‘secret’ – whereas biometrics are ‘public’/‘observable’.

Passwords can be temporary (e.g. OTP), cancellable and replaceable – but also forgettable!

Biometrics tend to persist – which can be a problem if ever compromised.

Both have a role to play in financial services authentication, and are particularly effective when used in combination.

 

*There are 8,153,726,976 permutations (96^5) of 5 characters from 26 uppercase and 26 lowercase letters, 10 digits and 34 special characters (e.g. ` ! ” ? $ ? % ^ & * ( ) _ – + = { [ } ] : ; @ ‘ ~ # | < , > . ? / ) … (repetitions allowed)

** There are 7,213,895,789,838,336 permutations of 8 characters. A quadrillion is 1×10^15

18 Mar 2015
