What is Biometric Authentication?

Biometric Authentication

Biometric authentication is a security process that relies on unique biological characteristics of individuals to verify their identity. Biometric authentication systems compare physical or behavioral traits to those that are stored in their database. An authentication is confirmed when both samples match. Biometric authentication is often used to manage access to physical and digital resources such as buildings, rooms, and computing devices [1]. Biometric ID uses biometrics such as fingerprints or retina scans to identify a person, and biometric authentication is the use of biometrics to verify that people are who they claim they are. The following technologies are used to digitally identify people:

  • DNA (deoxyribonucleic acid) matching. People are identified using genetic material. 
  • Retina scans. People are identified by analyzing the pattern of blood vessels at the back of their eyes. 
  • Iris recognition. People are identified based on a picture of their iris. 
  • Fingerprint scanning. People are identified by their fingerprints. 
  • Hand geometry recognition. Identity is verified using a mathematical representation of the unique characteristics of people’s hands. 
  • Facial recognition. Identity is confirmed based on the unique characteristics and patterns of people’s faces. The system uses the 80 nodal points on the human face to create numeric codes called faceprints. 
  • Ear authentication. Identity is verified based on users’ unique ear shapes. 
  • Signature recognition. People are identified through pattern recognition based on their handwritten signature. 
  • Finger vein ID. People are identified based on the vein patterns in their finger. 
  • Gait. Analyzes the way people walk. 
  • Typing recognition. Identity is established based on people’s unique typing characteristics, including typing speed.
  • Voice ID. People are identified by their voice based on characteristics created by the shape of the mouth and throat. 

Biometric devices include three components: a scanning device (or reader), technology to convert and compare collected biometric data, and a storage database. A sensor, such as a fingerprint reader or retina scanner, measures and captures biometric data. Software processes the collected biometric data and compares it to match points in the stored data. Most biometric data is stored within a central server in a database.

With all of these interesting methods for identifying and verifying people, biometric authentication certainly piques interest, but it may not be the solution for all organizations. Advantages of biometrics can include security, accuracy, accountability, convenience, scalability, return on investment, flexibility, trust, and time savings. There are also notable potential disadvantages including concerns over biometric data theft, biometric error rates, scanning/processing delays, complexity, scanning challenges (users with physical disabilities, influences of weather, etc.), and costs associated with new technology, additional hardware integration, and training.
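The compare step and the error rates mentioned above, shown as an added example that is not part of the original article: a match is a distance test against a threshold rather than an exact equality check, so each threshold trades false rejects against false accepts. The feature vectors, user names, thresholds and the choice of Euclidean distance are constructed assumptions for illustration.

```python
import math

def distance(a, b):
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

class TemplateStore:
    """Stands in for the storage database: user id -> enrolled template."""
    def __init__(self):
        self._templates = {}

    def enroll(self, user_id, captures):
        # Average several captures into one reference template.
        self._templates[user_id] = [sum(c) / len(captures) for c in zip(*captures)]

    def verify(self, user_id, capture, threshold):
        # 1:1 check against the claimed identity; unknown users never match.
        template = self._templates.get(user_id)
        return template is not None and distance(template, capture) <= threshold

def error_rates(store, genuine, impostor, threshold):
    """Return (false reject rate, false accept rate) at one threshold."""
    rejected = sum(not store.verify(u, c, threshold) for u, c in genuine)
    accepted = sum(store.verify(u, c, threshold) for u, c in impostor)
    return rejected / len(genuine), accepted / len(impostor)

# Constructed sample data: three made-up feature values per capture.
STORE = TemplateStore()
STORE.enroll("alice", [[100, 200, 150], [110, 190, 150]])
STORE.enroll("bob", [[140, 160, 180], [150, 170, 180]])
# Captures from the enrolled person, including one noisy scan (third entry).
GENUINE = [("alice", [108, 199, 150]), ("alice", [105, 195, 162]),
           ("alice", [120, 215, 150]), ("bob", [151, 173, 180])]
# Captures from someone else claiming that identity.
IMPOSTOR = [("alice", [145, 165, 180]), ("alice", [117, 211, 150]),
            ("bob", [105, 195, 150]), ("bob", [145, 165, 220])]

if __name__ == "__main__":
    for t in (8, 15, 22, 30):
        frr, far = error_rates(STORE, GENUINE, IMPOSTOR, t)
        print(f"threshold={t:>2}  false reject={frr:.2f}  false accept={far:.2f}")
```

In this constructed data set one impostor capture sits closer to the template than one noisy genuine capture, so no threshold brings both error rates to zero.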

Function Creep and Privacy

Another possible disadvantage of biometric authentication is a phenomenon known as function creep. Function creep is when an organization attempts to use the system for functions beyond its original intention, such as using a system designed for signing in and out of the workplace to track exactly where users are the whole time they are there. The concept of function creep could theoretically be a positive process, if the technology is expanded to functions that are beneficial to all. However, many users may worry that function creep could be a process of undermining personal privacy under the guise of security enhancement, leading them to feel the opposite of secure. 

[1] TechTarget, 2021, “Definition: Biometric Authentication”