What Is Behavioral Biometrics and Will It Replace Passwords?

Behavioral Biometrics

The people that spend the majority of their day posting, sharing, and liking things on social media – you see them every day, and you wonder how they got on with life back in the days when publishing a photo of your caffeinated drink wasn't that fashionable. What you probably don't think about too much, however, is just how complex the process of Instagramming a cappuccino is.

Obviously, before you can post the photo, you need to take it, and, in the majority of cases, this means that you need to use your phone. Because there's so much sensitive data on our mobile phones these days, most people tend to lock them, hoping to ensure that their private photos and messages don't end up in the wrong hands.

When the picture is taken, you need to share it with your friends. Instagram doesn't want you to share it with someone else's friends which is why it needs to make sure that you're logging in to the correct account. Then, and only then, can everyone see the glorious Italian brew and the small bit of your finger that is protruding from the edge of the frame.

So, you've got two instances where you need to prove your identity in the span of a few minutes. Crucially, they are supposed to combine security with ease-of-use to create a smooth, pleasant experience that doesn't interfere with your busy day. Sadly, if done correctly, proving your identity via the traditional method of a username and a password is anything but smooth and pleasant.

Passwords are a nuisance

When computers were still extremely expensive monstrosities used by a handful of people, the password was a good idea. Nowadays, computers fit in your pocket and are used by anyone from your grandmother to, if stock photos are to be believed, teenagers wearing Guy Fawkes masks. Whether or not they really are so fond of the historical-figure-turned-comic-book-and-movie-character is questionable, but there's no denying the fact that hackers do exist. And they're up to no good.

With so many people using internet-connected devices, and with the security of those devices hanging on what is often a fairly simple password, there's no shortage of targets, either. The problem is, passwords are just too annoying.

People can't remember many complex passwords which is why, they either use extremely simple ones, or they reuse the same passwords for multiple websites. As a result, the Guy Fawkes fanatics have been having it quite easy.

Physical biometrics: a less-than-perfect answer

Fingerprint readers and facial recognition gizmos were once the stuff of spy movies and novels, but now, there's a great chance that one of those contraptions spends most of its life in your pocket or purse. The technology is quite a bit cheaper and far more reliable than it used to be which means that more and more devices come with biometric authentication mechanisms. And this is good news for the users as well because touching a piece of plastic or staring at a camera is far easier than trying to remember and type dozens of different passwords that have uppercase, lowercase letters, digits, and symbols. So, it seems like we've found the panacea. Not quite.

Physical biometric data can be copied. In fact, the mouse, the keyboard, the coffee mug, basically every single object around you contains all the information an attacker would need to unlock your phone. Sure, guessing a password is far easier than fooling a fingerprint reader, but just like manufacturers found a way of implementing biometric authentication in our everyday lives, the crooks will streamline the process of cracking it. And then the really big problem is that once it's cracked, you can't just swap your fingerprint for another one like you can your password. You're pretty much stuck with it for the rest of your life.

In other words, while you can safely say that physical biometrics are a viable authentication method for many purposes, they still aren't perfect, and they're unlikely to fully replace passwords. But does that mean that we must discard biometrics as a whole?

Behavioral biometrics: how do they stack up?

There is a fairly fundamental difference between physical and behavioral biometrics. Obviously, the fact that we've got the word "biometrics" in the name suggests that we're talking about things that are unique to every single person. As you might have guessed already, however, while physical biometric data is related to parts of our body (fingerprints, face, retina, etc.), behavioral biometric data is related to the way we act.

You don't need to have a Ph.D. in Psychology to know that different people perform tasks differently. After many experiments, however, scientists discovered that when it comes to trivial stuff like speaking, walking, or even typing on a computer keyboard, there are subtle differences that make our way of doing all these things completely unique.

These are not things an actor or a bad person can imitate. We're talking about minute differences that only specially designed software and hardware can pick up. Because they are small enough to be visible to machines only, they are considered a valid way of ensuring that you are who you say you are.

The great thing about it is, behavioral biometrics could completely eradicate the authentication process. Experts say that you won't need to enter a username and a password, you won't need to touch the fingerprint scanner, and you won't need to provide any hardware tokens. You'll just go about your day, and the computer in front of you will silently monitor your behavioral patterns and will check if there's a match, all without requiring you to do anything. Some of you might be a bit skeptical about what we just described, but the fact of the matter is, people and companies are pouring a lot of time, brain capacity, and money into behavioral biometrics, and they wouldn't be doing it if there was no merit to the research.

When can we see it coming?

Don't hold your breath. Yes, someday, we might see computer systems and phones identifying us by the way we speak, breathe, and move, but we are some way away. The idea is still in its infancy, and although people with big brains are dedicating their careers to it, we've yet to see a working concept.

Furthermore, scientists have yet to prove that behavioral biometric authentication is more secure than what we currently have, and they must also address some privacy concerns that arise from the fact that if it's implemented, machines will be monitoring our every move.

So, for the time being, we're stuck with passwords as the most common authentication mechanism, which means that you need to think about how you manage your login data. It's not an easy task, but thankfully, there are tools like the Cyclonis Password Manager that can help you simplify it. To learn more about Cyclonis Password Manager, click here.

September 19, 2018

Leave a Reply