A Thought On Biometric Authentication
Biometric authentication is not mainstream. It's expensive. It's hardware specific. It is also not an all-in-one solution. However, if done right, there is a higher chance that the future would be better with it.
A user ID and password combination contains two types of information: "something about you" and "something you know". With "captcha", you add "something you prove". With two-factor authentication, you also add "something you have". Biometrics is really only one type of information: something about you. In a sense, biometrics is really just a user ID.
Biometrics supposedly identifies an individual uniquely. One or more of fingerprints, irides and facial bone/muscular features/structures information can be combined. Regardless, it all boils down to identifying an individual. They are all just something about you. Security can be stronger if authentication includes something you know.
Adding something you know using biometrics seem possible with voice. However, that also makes it audible to everyone around you. Using patterns that can be drawn or tapped on a photo can also be good, but there's nothing biometric about that. So does eye motion patterns on a photo. Or, a series of verification questions, perhaps. Unless a device can be invented to read/scan your brain to identify a unique personal memory as your "password", something you know will be hard to add in pure biometric authentication.
Adding "something you prove" and "something you have" in biometric authentication may seem unnecessary. However, that doesn't mean you cannot add them anymore. Authentication is more secure as you add more layers to the process. DNA to prove you're human and for something you have, perhaps?
In terms of where we are now, FIDO is your friend. FIDO 1.x is ready. FIDO 2.0 is still in progress, parts of it with W3C. It's a slow process but we are heading towards it. Biometric authentication in all types of applications for server, desktop, mobile, web and IoT will happen. As per FIDO's advise, the FIDO specifications and FIDO certified products are ready to use now. Soon, biometric authentication will be mainstream enough for everyone everywhere.
A user ID and password combination contains two types of information: "something about you" and "something you know". With "captcha", you add "something you prove". With two-factor authentication, you also add "something you have". Biometrics is really only one type of information: something about you. In a sense, biometrics is really just a user ID.
Biometrics supposedly identifies an individual uniquely. One or more of fingerprints, irides and facial bone/muscular features/structures information can be combined. Regardless, it all boils down to identifying an individual. They are all just something about you. Security can be stronger if authentication includes something you know.
Adding something you know using biometrics seem possible with voice. However, that also makes it audible to everyone around you. Using patterns that can be drawn or tapped on a photo can also be good, but there's nothing biometric about that. So does eye motion patterns on a photo. Or, a series of verification questions, perhaps. Unless a device can be invented to read/scan your brain to identify a unique personal memory as your "password", something you know will be hard to add in pure biometric authentication.
Adding "something you prove" and "something you have" in biometric authentication may seem unnecessary. However, that doesn't mean you cannot add them anymore. Authentication is more secure as you add more layers to the process. DNA to prove you're human and for something you have, perhaps?
In terms of where we are now, FIDO is your friend. FIDO 1.x is ready. FIDO 2.0 is still in progress, parts of it with W3C. It's a slow process but we are heading towards it. Biometric authentication in all types of applications for server, desktop, mobile, web and IoT will happen. As per FIDO's advise, the FIDO specifications and FIDO certified products are ready to use now. Soon, biometric authentication will be mainstream enough for everyone everywhere.
Comments
Post a Comment