Biometrics, from fingerprints to iris- and facial-recognition, are advancing, with behavioral biometrics quickly becoming the security access of choice, says BioCatch VP Frances Zelazny.
While both fingerprints and biometric security have been around a long time, iris and face recognition are growing as another way to get through security, Frances Zelazny, Vice President of BioCatch, tells TechRepublic's Dan Patterson. But the real comer are behavioral biometrics. The following is an edited transcript of the interview.
Dan Patterson: So one solution to bad password or weak password management is biometric security. Can we kind of lay out the landscape of biometric security? Is it a lot of thumbprint and fingerprint readers, or do we see iris scanners? What technology is really driving biometric security?
Frances Zelazny: Biometrics have been around for over 30 years, at this point. Some of the earliest known ones are fingerprint, obviously. I would say in the last five years, they've taken off in the consumer space. We see them on the phones.
The most common biometrics that people know about are finger and face because they're on the devices that we use every single day, but iris recognition, for example, is very popular in the travel sector for fast pass, getting through security, immigration. That technology is also used throughout the world to enable people with no identity to apply for all sorts of refugee status and social and economic development type of programs.
We're seeing, more and more, these technologies becoming pervasive in our everyday lives, and new modalities like behavioral biometrics are coming into play now, to provide a continuous authentication layer, past the initial login online.
SEE: Network security policy (Tech Pro Research)
Dan Patterson: Tell us more about behavioral biometrics, and what are the advantages of this?
Frances Zelazny: Behavioral biometrics are technologies, essentially, that are looking at the way you type, the way you scroll, the way you toggle between fields, the way we do many different things online that we don't even realize. For example, some people may scroll on the right side, using the scroll bar on the right, whereas other people will use the arrows up and down, to just go through the screen.
How we even hold the phone and what pressure we use, whether we have a hand tremor, all these things are part of our behavior that is subconscious and innate, and as a result, because it's not something that you can physically even see or touch, it's impossible to copy or to steal.
Dan Patterson: What are some of the weaknesses of biometric security, and is this behavioral, which I assume uses artificial intelligence?
Frances Zelazny: Mm-hmm [affirmative].
Dan Patterson: Is behavioral biometrics an answer to some of the weaknesses of biometric security?
Frances Zelazny: Well, all technologies have their pros and cons, and it's hard to say in one category, in an umbrella category, that these are the pros and cons, so there are things to take into consideration.
One of them is what the modality actually requires you to do. With fingerprint, you need to engage with a sensor. With face, your face has to be visible to the camera. So if you're trying to use face to get into your phone and you're in a meeting, and you're trying to go like this, it's not going to work. So it's really how the technology is applied and in what instance.
One of the benefits of behavior is that it doesn't require you to change anything that you would normally do and it's just picking up your patterns as you're engaging with an application or with a device, as it goes along. But, to put very simply, behavioral biometrics can't be used to get into a door because it's not a physical modality. So it's really an online modality. Every modality has its pros and cons.
- Special report: Cybersecurity in an IoT and mobile world (free PDF) (TechRepublic)
- Orbitz says hacker stole two years' worth of customer data (ZDNet)
- Dark Web: The smart person's guide (TechRepublic)
- Yahoo users can sue over data breaches, judge rules (ZDNet)
- 5 ways to build your company's defense against a data breach before it happens (TechRepublic)