October 25, 2021
Biometric technology protects the world from identity theft and cybercrimes. It offers an unbreakable way for users to authenticate
with their own unique biometric characteristics. Advances in science, software, hardware, encryption, and regulations have catapulted the integration of biology-based authentication—with no slowdown in sight.
Star Trek introduced biometric authentication to the world as far back as 1966 using voice ID, retina scans, and face recognition on the Starship Enterprise. The Tricorder even scanned vitals to assess medical conditions (we’re not there—yet). Bio-scanners also appeared in Blade Runner, Robocop, Back to the Future, Terminator, Ex Machina, and plenty of other Sci-Fi flicks over the last fifty years.
The vision was there on the big screen because the technology was evolving behind it in real life. Initial exploration in the 1960s gained traction with government funding from the FBI. Standards commissions encouraged the international sharing of biometric science discoveries. Biotech consortia popped up around the world and defense agencies like the DoD moved research into prototype development. At the same time, network and server capabilities advanced, merging siloed databases into a globalized hub. Then, at the turn of the century, security threats and terrorism propelled widespread testing of biometric devices at borders.
Then, in 2013, Apple introduced the iPhone 5S, the first smartphone with TouchID fingerprint authentication. It was a turning point. Biometrics was no longer a high-tech tool used solely by government agencies. It was suddenly part of everyday life. And everyday users liked it—a lot.
Logging in with something you know (passwords, pin codes, pattern codes) or something you had (badges, cards, keys) had always been cumbersome, slow, and prone to breach. Biometric authentication rendered memory work and keeping track of a thing unnecessary. This meant that secondary security measures like two-factor (2FA) SMS codes (that were susceptible to fraud) were no longer needed. Bio-authentication let you log in with something you are.
It took 60 years, but biology-based security as a futuristic concept has been replaced by widespread acceptance and a race to implement biometric tech—today.
How biometric scanners work today:
There are several biomarker traits used to verify identification, but all biometric methods work the same way:
- A scanner sensor records raw biometric data
- The biometric trait is extracted by a processor
- The trait is pattern-matched to a stored trait
- Identity is authenticated or rejected by an encrypted algorithm
Which biometric technology wins the authentication race in 2020?
The short answer is face recognition. The long answer is that some biomarker technologies are taking off more than others in some areas and some are slightly more accurate than others:
The shape of your face creates a “faceprint” where over 80 nodal points identify a user. Incorporated into computer and smartphone screens, there is still room for improvement.
Facial recognition can be prone to false negatives. That’s when your device fails to unlock because you are wearing glasses or makeup, or just due to differences in ambient lighting. Security-conscious organizations handling sensitive data should consider fingerprint or iris scanning for greater protection. —Samsung
Slight angles pose problems which makes focussing on 3D-rendering a priority to prevent photographs from being used to spoof face readers. Improvements in facial recognition are happening fast. In 2014, error rates were as high as 4%. Today that stat is 0.2%. Apple states the odds of a random face tricking its Face ID scanner is roughly 1 in 1 000 000. That’s why, in 2019, facial recognition was integrated into 96 million mobile phones. That number is projected to increase to more than 800 million smartphones by 2024 (90% of smartphones), with overall face technology integration totalling 1.3 billion devices. —Juniper Research.
The swirly ridges of a fingerprint are unique to an individual and that’s why we’ve been using fingerprints as an identity indicator since the 1800s to place criminals at crime scenes. Today, fingerprint scanners are integrated into smartphones. The odds of a fingerprint pattern matching another is as low as 1 in 64 billion (Apple says it’s more like 1 in 50,000—either way, it’s slim). The error rate for fingerprint scanning hardware is lower than other biometric scanners. New fingerprint scanners look below the surface to read vascular patterns (blood vessels)—even heartbeats. Samsung introduced an ultrasonic sensor to create a 3D image of a user’s fingertip with its 2020 release of the Galaxy S20 series, a huge advancement over 2D rendering:
Ultrasonic fingerprint ID is a new type of fingerprint sensor that uses ultrasonic waves to create a 3D image of your fingertip. Fooling the ultrasonic sensor is much harder, since the scanner doesn’t just reference your fingerprint’s pattern, but also the exact contours of the ridges, notches, and abnormalities. Samsung has also backed up this upgrade with a machine learning algorithm that helps detect the differences between real fingerprints and forged 3D replicas. —Samsung
Though face recognition is projected to be the top biometric method used for logging in, fingerprint scanners are projected to remain the leading biometric-based technology for eCommerce payments, with 4.6 billion smartphones estimated to have fingerprint sensors by 2024 globally.
More than 60 percent of biometrically-authenticated payments in 2024 will authorize remote payments. Biometric authentication will secure mobile payment transactions valued at some $2.5 trillion, representing an almost 1,000 percent increase compared to $228 billion in 2019. —Biometric Update
Audio cues create a “voice print.” Contrary to popular belief, the data points used in this technology aren't about listening; voices can be imitated. Instead, the technology takes vocal measurements from the shape of the mouth and throat that form different sound qualities. The cadence of speech is more important than the sound of it. This is important because a cold or even a difference in mood affects sound. In 2019, error rates still hovered around 3% (a shocker to Marvel movie Iron Man fans).
Two types of eye scanning technologies are currently on the market. Iris scanning uses the patterns of the iris (the ring of colour around the pupil) in combination with the vein patterns of the sclera (the white part of the eye) to identify a user. Blood vessels remain stable throughout life. That means they can function in the same way as a fingerprint. Similarly, retina scanners work by projecting light at the back of the eye to read blood vessels. Easy and accurate, but current issues for this technology relate to contact lenses, glasses, and sunlight, with error rates as low as 1 in 10 million. No physical contact is needed with the reader, keeping accuracy high. But iris scanning is slower than touch tech because infrared sensors must align at a proper distance from the face.
Biometric authentication has 4 working parts: DNA, software, hardware, and encryption.
What makes biometric authentication more secure than passwords, 2FA, or MFA is its dependence on the DNA of its user. DNA, or deoxyribonucleic acid, is the hereditary helix of instructions in living organisms that form our unique genetic code. It’s the master molecule in every cell. It’s the thing that makes us human, but unique from one another. Biometric scanners measure the short tandem repeat sequences (STRs) of DNA.
Biometric authentication has nothing to do with what you know (passwords) or what you have (a tokenized device or badge) and everything to do with who you are. Biometrics use physical properties (fingerprint, face structure, eye characteristics) and behavioural properties (voice recognition) to verify identity.
Phishing scams work with passwords because they trick the user into giving away a login credential. Biometrics takes gullibility out of the equation. You can’t give away your face print, iris markers, or thumb pattern.
An algorithm processes an image into a digital construction. It converts unique biological minutiae points and patterns into binary zeros and ones. Then it compares those zeros and ones and requires an exact match. In 2020, the Distinct Area Detection (DAD) algorithm (a 3D model that replaces the 2D minutiae point model) is used by fingerprint processors, which offers improvements in performance and reductions in false acceptance rates (FAR). (source: Research Gate). Vein authentication algorithms and ultrasonic waves are advancing biometrics even further.
Biometric scanners are not yet 100% accurate. There are two types of hardware errors: false rejects (FR) and false accepts (FA). A false reject happens when an authorized user can’t gain access using their biomarker. A false accept error grants access to the wrong user with a false bio trait. Both errors are measured by a confidence threshold. Increasing the threshold decreases FA errors but increases FR errors. Improvements in the sophistication of sensors will block spoofing attempts, which will reduce false acceptance rates (FAR).
What biometric readers will take us to 2030?
Biometric authentication no longer lives in a 1980s spy flick. It’s here. The global biometric market is expected to top 50 billion USD by 2024. That curve shows no sign of levelling off. It replaces weak, easy-to-hack alphanumeric character combos that have been used for sixty years and that have to be stored in human memory or in paid password vaults. It does away with physical dongles, badges, and keys that get lost or stolen. Biometric authentication uses the genetic biomarkers built into our DNA. The only requirement is to show up.
What biometric technology will win for 2030? Face recognition has a slight popularity edge over fingerprint scanners in 2020, but fingerprint scanning has mobile banking and the healthcare industry under its belt. It is likely that one of these two technologies will be the biometric hardware winner for 2030.
Advancements in science, algorithms, sensors, scanners, and encryption paved the way for biometric authentication on smart devices and encouraged acceptance in big markets. The hardware cost is buried in the price of the smartphone for consumers. For developers and eCommerce companies, LoginID makes biometric authentication affordable, with payments as low as completely free.
Future implementation of authentication technology on devices and websites is hampered by perceived downfalls like cost and a ‘fear of Big Brother’ mentality—users think sensitive data will be stored in databases and monitored by the state. Users fear biometrics will create a turnstile to privacy intrusion. But these falsehoods are getting exposed. Biomarkers are stored on local devices only, not shared with shady governments or tied to covert ops.
As those rumored barriers fade, biometric technology like face, fingerprint, and ocular recognition backed by smartphone giants and blockchain encryption will fortify the authentication industry, protecting personal information better than any technology before it and saving enterprises $millions if not $billions.