We are certainly seeing signs that biometric technology is headed for mainstream deployment. Just this month, Google confirmed that it will start replacing passwords as a method of verifying identity for 1.7 billion Android users. This follows news from May that Microsoft will replace Windows 10 Passwords for 800 million users.
As consumers and enterprises start to embrace a passwordless future, it is helpful to understand the core features and functions that are essential to the successful adoption and use of biometrics for authentication.
Following are 9 things to look for:
Technology that keeps up. Biometric technology such as voice verification and face recognition have been around for some time, but AI and efficient machine learning algorithms enable unprecedented speed and accuracy. With biometrics evolving at a rapid pace, it’s important to work with a team that has deep expertise and invests heavily in ongoing research and development to implement the latest advances and continually improve performance.
Liveness detection. Whereas voice and face recognition technologies answer the question “is this the right person?” liveness detection differentiates between a real person and a presentation attack, also known as spoofing. Spoofing can be accomplished using recorded or synthesized voice, high resolution photos, video and more. Detecting spoofing is critical to any biometric authentication and identity verification process not supervised by a person, such as those used by banks during remote customer onboarding.
But not just any liveness detection will do – insist on a passive approach. Traditionally, stronger security in the authentication process comes at the expense of convenience. This is also true for most liveness detection products, which require active participation in the form of users following prompts to turn their heads, blink, move within a frame on their mobile device, etc. Passive liveness detection, like that provided by ID R&D, is a software-based, non-device dependent technology that works transparently in the background to determine liveness in milliseconds. It’s fast and effortless for users while being transparent to fraudsters.
Cross-channel biometric print enrollment. Biometric authentication requires users to opt-in and subsequent enrollment of their voice, face or other biometric print. Successful user adoption requires enrollment to be straightforward and quick. As enterprises look to an omni-channel authentication strategy across mobile apps, web, chatbots, etc. It is a best practice to deploy a solution that requires a single enrollment with automatic calibration for use on various channels. Unlike ID R&D, most solutions do not currently support this capability.
Multi-modal biometrics and “step up” security. Different use cases require different levels of security. When authenticating users who are accessing sensitive information or financial transactions, the ability to layer biometrics enables significantly stronger security. ID R&D’s SafeChat solution is an example of this. It combines five layers of biometrics to provide highly secure, continuous authentication for virtual assistants and chatbots.
For many companies, biometric adoption will be an evolution. If this is the case for you, look for a solution that makes it easy to turn today’s traditional username and password logins into a two-factor authentication with virtually no added effort for the user. For example, our IDSquared solution uses face recognition and behavioral biometrics to verify the user’s identity as they type their login info.
Algorithm portability. To serve multiple channels and use cases in a modern enterprise with various security standards, such as FIDO, you need the flexibility to run biometric algorithms on device and on a server without sacrificing accuracy or performance. Biometric software needs to be especially compact for mobile apps and devices. ID R&D’s biometric suite of software meets this requirement with the exception of facial liveness which currently only runs on server.
Protection of biometric data. As mentioned earlier, users opt-in to using biometric authentication and enroll their voice, face or behavioral prints. It’s important to understand how your provider stores this data. Most solutions today encrypt biometric prints similar to how passwords are hashed. This means that if someone were to gain access to the files, they would be virtually useless. Also understand where encrypted files are stored. In the case of ID R&D, all biometric data is stored on our customers’ premises, in their cloud or on their users’ devices — never by us.
Zero-effort UX. Authentication plays a significant role in customer experience. Biometric authentication goes a long way in removing frustrations associated with passwords, knowledge-based authentication and cumbersome 2FA practices, but it too can introduce friction if not deployed with the UX in mind.
Continuous Authentication. A zero-effort UX not only creates a great user experience, it also enables higher security by delivery continuous authentication — something security industry analysts strongly recommend. Biometrics enable a user’s identity to be verified in the background at every interaction when customers are using your app, not just at the time of login. They simply type on a keyboard or issue voice commands, enabling you to continually check identity.
In summary, biometrics are surpassing traditional authentication methods in terms of security and convenience. Well-architected solutions will build trust with consumers, demonstrate measurable value for the enterprise and continue to fuel demand.
If you would like to discuss the path you are on or how to get started, let us know.