You’re undoubtedly familiar with getting into a system by typing in a password. Sometimes, though, that method alone is not sufficiently secure. Due to this, companies, industries, and individuals use behavioral biometrics, as well.
Behavioral biometrics track what you do when using a device or system. They measure things like how hard you press on the keys when typing or the speed at which you input your password. Here are some recent behavioral biometrics updates that aim to protect user privacy.
Moving toward Multimode Biometrics
Beyond behavior-based biometrics, there are those associated with your physical self, such as fingerprints or your eye’s iris. Some companies also implement gait analysis within biometrics that look at how you walk. However, one of the downfalls of some analytics systems is that they are not foolproof.
For example, a security analyst fooled an iPhone fingerprint scanner by pressing the owner’s fingerprint into a bit of Play-Doh. It was then possible to unlock the phone via the fingerprint scanner by using the indentations in the piece of children’s clay.
The case against traditional passwords — and how biometrics can better secure us https://t.co/6zZOo6s5hR
— TNW (@thenextweb) October 2, 2019
These shortcomings in certain single kinds of biometric methods made security experts anticipate a future where companies use so-called multimode biometrics. This approach to authenticating users means a system relies on several biometric methods — including some related to user behavior. For example, imagine a person sitting down at a computer and using a fingerprint scanner, plus having to type a few sentences on a keyboard.
Using multimode biometrics means that if one measurement method gets fooled, there’s still at least one more to check a person’s identity. This could give company leaders more peace of mind if they’re interested in using behavioral biometrics but have some hesitations.
Using AI to aid Behavioral Biometrics
Artificial intelligence (AI) and related technologies, like machine learning, appear poised to increasingly factor in behavioral biometrics tools. Many behavioral biometrics use keystroke dynamics to authenticate users. You can think of it as the digital version of handwriting analysis. Some people type faster on the right side of the keyboard versus the left, or always use the caps lock key to capitalize a word instead of using the shift key.
Many AI platforms learn what’s normal for an individual user or a group, then provide alerts when something about incoming data strays from what’s typical. It’s easy to understand why AI is such a good fit for behavioral biometrics.
— Biometric Update (@BiometricUpdate) November 11, 2019
Fico, an analytics company based in the United States, recently acquired EZMCOM, which provides behavioral analytics. The companies intend to bring about AI-driven behavioral biometrics, including an option that blends keystroke analytics with machine learning.
It will likely take a while for AI behavioral biometrics to become widely available. Nevertheless, it’s smart to stay abreast of any relevant innovations and how they might improve both security and user experience.
Choosing passive behavioral biometrics to determine probabilities
There are active and passive behavioral biometrics. With the active variety, a user has to present a behavioral biometrics sample to get access to a service or platform. Passive biometrics get collected transparently as a user starts to interact with a system.
Mastercard is one of the major brands investing in passive biometrics. The goal is to determine the probability that the authenticated user is present during the respective interactions. The credit card provider’s system evaluates more than 300 signals to make a conclusion. They include how a person navigates around a site on their device or the amount of pressure they put on a touch-sensitive screen.
Hello, thanks for reaching out. Mastercard has implemented new security and authorization solutions, including chip migration, tokenization and biometrics as well as early detection systems to minimize the need for cardholder signatures in fraud prevention.
— Mastercard (@Mastercard) April 16, 2018
Passive behavioral biometrics measurements also allow catching some strange behaviors that might not immediately become apparent through small samples of data. For example, if a person typically uses the scroll wheel on a mouse to navigate, but then switches to using keyboard commands, that change could indicate someone else has gotten access to a system and is using it fraudulently.
Keep in mind that passive and active biometrics both have associated pros and cons. No single method works best in every case.
However, the use of passive biometrics to gauge probabilities is relatively new. Since well-known brands like Mastercard are working with it, there’s a good chance this option will become even more prominent. Banks with digital platforms often use it to keep people safe without appearing disruptive.
Exciting Things on the Horizon
This sampling of changes in behavioral biometrics shows that the technology is continually improving. As time passes, expect more of the same as companies figure out how to safeguard privacy.
Photo credits: The feature image has been taken by Charles.
Sources: Marc Chacksfield (TechRadar) / Abhimanyu Ghoshal (TNW News) / Kristina Menzefricke (Frost & Sullivan) / Luana Pascu (BiometricUpdate.com) / Sam Bakken (BiometricUpdate.com)