As businesses are evaluating new authentication strategies you may be wondering, what is biometric authentication? And is it the right one for us? Every business is different, so there is no straight-up answer for which authentication process is best for everyone. But what you can do is educate your team on the different types of authentication and evaluate which one works best for you.

Photo by Onur Binay on Unsplash

Cybersecurity Awareness Training for ALL

Take proactive steps to invest in your business’s cyber resilience now to protect your organization from costly data breaches and disruptions. Start easily with our Quickstart Training Bundles. To learn more CLICK HERE.

To put it in even simpler terms, biometrics are biological or physical attributes of an individual. These could include the geometry of your face, the design of your iris, or the pattern on your fingers. Those three physical attributes are commonly chosen due to the uniqueness of each individual, making them perfect for person authentication. 

What is biometric authentication?

Biometric authentication is the use of biological attributes to verify an identity before giving access to an account. The process begins with the collection of the chosen biological attributes, commonly the fingerprint. The system then stores the identified pattern in the system and will request another print or scan when someone tries to access the system. If the given print/scan matches the stored pattern, then the individual is given access. 

Applications for biometric authentication

The most globally and commonly known uses of biometric authentication are right on your iPhone and Mac Computers. The Apple brand is famous for the easy access their Face ID and Touch ID systems offer, which use the process of biometric authentication.

In this case, Apple uses biometrics for convenience for its users, rather than for an extra layer of security. If it was a form of authentication, you’d need to give a password and your face ID. Instead, you only need to give your face scan to enter your device, making this process more of a biometric identification than authentication. 

Here’s how it works: When a user sets up their Apple device, they are asked for a face scan. The Apple TrueDepth camera system scans your face and memorizes the geometric pattern to save for later. The Secure Enclave then processes, encrypts and stores the data given through these scans. The TrueDepth camera then waits for a face to be detected (with their eyes open) and scans the face. It checks if the pattern matches the one originally saved and then gives access. 

Similarly, the Touch ID system uses a fingerprint pad to identify a fingerprint pattern at the start of setup. The Secure Enclave stores the data and when someone requests entry through the fingerprint pad, Touch ID checks if it’s a match. 

When will you use biometric authentication?

Besides during your daily use of your iPhone, you may also see biometric authentication during your work day. Many companies require biometric authentication when entering buildings or certain high-security areas. Similarly to Apple, at the beginning of your onboarding, you’ll be asked for scans of your biometrics. These will then be stored in the company’s network and checked whenever you attempt to enter the area. 

Additionally, businesses may use biometric authentication for any other high-risk scenarios. Businesses may request this additional assurance when completing financial tasks or accessing high-security data. 

What should concern me about biometric authentication?

The most dangerous thing about biometric authentication is that people believe it’s perfect. That’s not true. Scammers can still hack into biometric authentication systems, giving themselves access or locking all employees out of the network. Even something as simple as a cold day or an old device could make the system shutdown. So, the main note about biometric authentication is to use it as authentication, never as the sole identifier. 

The best way to go is always Multi-Factor Authentication, so if data is lost through a breach, employees can still access the system in other ways. Or if an attacker can input their prints into the system, there’s still a second credential needed for them to get in. Biometric authentication is an amazing invention, but it is not infallible. 

Other terms

• Multi-Factor Authentication: The process of verifying an identity uses two different pieces of proof. 
• Identification: The process of establishing what something is. 
• Facial recognition: A type of biometric identification or authentication that scans the geometric pattern of your face. 
• Single Sign On (SSO): A process that allows a user to log in once to access multiple accounts or access one account for a certain period of time on one device. 

In conclusion, biometric authentication is a great option for Multi-Factor Authentication. It’s already being used by the top technology giants, like Apple, but businesses should never use it as the sole identifier like this process. Instead, requires a code and a biometric or a physical ID and a biometric. 

This is a great definition for non-security team members to learn about as it’s a technology they will see commonly in everyday life. Feel free to share this with your team in your #Security Slack channel or regular security correspondence. Stay safe, everyone!