Biometric
Comparing biometric readers
Biometric technology protects the world from identity theft and
cybercrimes. It offers an unbreakable way for users to authenticate
with their own unique biometric characteristics. Advances in science,
software, hardware, encryption, and regulations have catapulted the
integration of biology-based authentication—with no slowdown in sight.
Star Trek introduced biometric authentication to the world as far back
as 1966 using voice ID, retina scans, and face recognition on the
Starship Enterprise. The Tricorder even scanned vitals to assess
medical conditions (we’re not there—yet). Bio-scanners also appeared
in Blade Runner, Robocop, Back to the Future, Terminator, Ex Machina,
and plenty of other Sci-Fi flicks over the last fifty years.
The vision was there on the big screen because the
technology was evolving behind it in real life.
Initial exploration in the 1960s gained traction with government
funding from the FBI. Standards commissions encouraged the
international sharing of biometric science discoveries. Biotech
consortia popped up around the world and defense agencies like the DoD
moved research into prototype development. At the same time, network
and server capabilities advanced, merging siloed databases into a
globalized hub. Then, at the turn of the century, security threats and
terrorism propelled widespread testing of biometric devices at
borders.
Then, in 2013, Apple introduced the iPhone 5S, the first smartphone
with TouchID fingerprint authentication. It was a turning point.
Biometrics was no longer a high-tech tool used solely by government
agencies. It was suddenly part of everyday life. And everyday users
liked it—a lot.
Logging in with something you know (passwords, pin codes, pattern
codes) or something you had (badges, cards, keys) had always been
cumbersome, slow, and prone to breach. Biometric authentication
rendered memory work and keeping track of a thing unnecessary. This
meant that secondary security measures like two-factor (2FA) SMS codes
(that were susceptible to fraud) were no longer needed.
Bio-authentication let you log in with something you are.
It took 60 years, but biology-based security as a futuristic concept
has been replaced by widespread acceptance and a race to implement
biometric tech—today.
How biometric scanners work today:
There are several biomarker traits used to verify identification, but
all biometric methods work the same way:
A scanner sensor records raw biometric data
The biometric trait is extracted by a processor
The trait is pattern-matched to a stored trait
Identity is authenticated or rejected by an encrypted algorithm
Which biometric technology wins the authentication race in 2020?
The short answer is face recognition. The long answer is that some
biomarker technologies are taking off more than others in some areas
and some are slightly more accurate than others:
Facial recognition
The shape of your face creates a “faceprint” where over 80 nodal
points identify a user. Incorporated into computer and smartphone
screens, there is still room for improvement.
Facial recognition can be prone to false negatives. That’s when your
device fails to unlock because you are wearing glasses or makeup, or
just due to differences in ambient lighting. Security-conscious
organizations handling sensitive data should consider fingerprint or
iris scanning for greater protection.
—Samsung
Slight angles pose problems which makes focussing on 3D-rendering a
priority to prevent photographs from being used to spoof face readers.
Improvements in facial recognition are happening fast. In 2014, error
rates were as high as 4%. Today that stat is
0.2%.
Apple states the odds of a random face tricking its Face ID scanner is
roughly 1 in 1 000 000. That’s why, in 2019, facial recognition was
integrated into 96 million mobile phones. That number is projected to
increase to more than 800 million smartphones by 2024 (90% of
smartphones), with overall face technology integration totalling 1.3
billion devices.
Juniper Research.
Fingerprint scanning
The swirly ridges of a fingerprint are unique to an individual and
that’s why we’ve been using fingerprints as an identity indicator
since the 1800s to place criminals at crime scenes. Today, fingerprint
scanners are integrated into smartphones. The odds of a fingerprint
pattern matching another is as low as 1 in 64 billion (Apple says it’s
more like 1 in 50,000—either way, it’s slim). The error rate for
fingerprint scanning hardware is lower than other biometric scanners.
New fingerprint scanners look below the surface to read vascular
patterns (blood vessels)—even heartbeats. Samsung introduced an
ultrasonic sensor to create a 3D image of a user’s fingertip with its
2020 release of the Galaxy S20 series, a huge advancement over 2D
rendering:
Ultrasonic fingerprint ID is a new type of fingerprint sensor that
uses ultrasonic waves to create a 3D image of your fingertip.
Fooling the ultrasonic sensor is much harder, since the scanner
doesn’t just reference your fingerprint’s pattern, but also the
exact contours of the ridges, notches, and abnormalities. Samsung
has also backed up this upgrade with a machine learning algorithm
that helps detect the differences between real fingerprints and
forged 3D replicas.
—Samsung
Though face recognition is projected to be the top biometric method
used for logging in, fingerprint scanners are projected to remain the
leading biometric-based technology for eCommerce payments, with
4.6 billion smartphones
estimated to have fingerprint sensors by 2024 globally.
More than 60 percent of biometrically-authenticated payments in 2024
will authorize remote payments. Biometric authentication will secure
mobile payment transactions valued at some $2.5 trillion,
representing an almost 1,000 percent increase compared to $228
billion in 2019.
—Biometric Update
Voice recognition
Audio cues create a “voice print.” Contrary to popular belief, the
data points used in this technology aren't about listening; voices can
be imitated. Instead, the technology takes vocal measurements from the
shape of the mouth and throat that form different sound qualities. The
cadence of speech is more important than the sound of it. This is
important because a cold or even a difference in mood affects sound.
In 2019, error rates still hovered
around 3%
(a shocker to Marvel movie Iron Man fans).
Ocular scanning
Two types of eye scanning technologies are currently on the market.
Iris scanning uses the patterns of the iris (the ring of colour around
the pupil) in combination with the vein patterns of the sclera (the
white part of the eye) to identify a user. Blood vessels remain stable
throughout life. That means they can function in the same way as a
fingerprint. Similarly, retina scanners work by projecting light at
the back of the eye to read blood vessels. Easy and accurate, but
current issues for this technology relate to contact lenses, glasses,
and sunlight, with error rates as low as
1 in 10 million.
No physical contact is needed with the reader, keeping accuracy high.
But iris scanning is slower than touch tech because infrared sensors
must align at a proper distance from the face.
Biometric authentication has 4 working parts: DNA, software,
hardware, and encryption.
DNA
What makes biometric authentication more secure than passwords, 2FA,
or MFA is its dependence on the DNA of its user. DNA, or
deoxyribonucleic acid, is the hereditary helix of instructions in
living organisms that form our unique genetic code. It’s the master
molecule in every cell. It’s the thing that makes us human, but unique
from one another. Biometric scanners measure the short tandem repeat
sequences (STRs) of DNA.
Biometric authentication has nothing to do with what you know
(passwords) or what you have (a tokenized device or badge) and
everything to do with who you are. Biometrics use physical properties
(fingerprint, face structure, eye characteristics) and behavioural
properties (voice recognition) to verify identity.
Phishing scams work with passwords because they trick the user into
giving away a login credential. Biometrics takes gullibility out of
the equation. You can’t give away your face print, iris markers, or
thumb pattern.
Software
An algorithm processes an image into a digital construction. It
converts unique biological minutiae points and patterns into binary
zeros and ones. Then it compares those zeros and ones and requires an
exact match. In 2020, the Distinct Area Detection (DAD) algorithm (a
3D model that replaces the 2D minutiae point model) is used by
fingerprint processors, which offers improvements in performance and
reductions in false acceptance rates (FAR). (source: Research Gate).
Vein authentication algorithms and ultrasonic waves are advancing
biometrics even further.
Hardware
Biometric scanners are not yet 100% accurate. There are two types of
hardware errors: false rejects (FR) and false accepts (FA). A false
reject happens when an authorized user can’t gain access using their
biomarker. A false accept error grants access to the wrong user with a
false bio trait. Both errors are measured by a confidence threshold.
Increasing the threshold decreases FA errors but increases FR errors.
Improvements in the sophistication of sensors will block spoofing
attempts, which will reduce false acceptance rates (FAR).
What biometric readers will take us to 2030?
Biometric authentication no longer lives in a 1980s spy flick. It’s
here. The global biometric market is expected to top
50 billion USD by 2024.
That curve shows no sign of levelling off. It replaces weak,
easy-to-hack alphanumeric character combos that have been used for
sixty years and that have to be stored in human memory or in paid
password vaults. It does away with physical dongles, badges, and keys
that get lost or stolen. Biometric authentication uses the genetic
biomarkers built into our DNA. The only requirement is to show up.
What biometric technology will win for 2030? Face recognition has a
slight popularity edge over fingerprint scanners in 2020, but
fingerprint scanning has mobile banking and the healthcare industry
under its belt. It is likely that one of these two technologies will
be the biometric hardware winner for 2030.
Advancements in science, algorithms, sensors, scanners, and encryption
paved the way for biometric authentication on smart devices and
encouraged acceptance in big markets. The hardware cost is buried in
the price of the smartphone for consumers. For developers and
eCommerce companies, LoginID makes biometric authentication
affordable, with payments as low as completely free.
Future implementation of authentication technology on devices and
websites is hampered by perceived downfalls like cost and a ‘fear of
Big Brother’ mentality—users think sensitive data will be stored in
databases and monitored by the state. Users fear biometrics will
create a turnstile to privacy intrusion. But these falsehoods are
getting exposed. Biomarkers are stored on local devices only, not
shared with shady governments or tied to covert ops.
As those rumored barriers fade, biometric technology like face,
fingerprint, and ocular recognition backed by smartphone giants and
blockchain encryption will fortify the authentication industry,
protecting personal information better than any technology before it
and saving enterprises $millions if not $billions.