FB pixel

Cloudflare supports hardware biometric authenticators as CAPTCHA replacement

Cloudflare supports hardware biometric authenticators as CAPTCHA replacement

CAPTCHAs are considered annoying by many if not most internet users, and as Cloudflare points out, they can be a barrier to use for people who do not read certain languages or are using a mobile device. Biometric authenticators can now be used by Cloudflare users to prove they are not bots in an expansion of the content delivery network’s Cryptographic Attestation of Personhood (CAP) trial.

The use of native device biometrics like FaceID and TouchID on iPhones and Android Biometric Authentication allows users to complete the same check in a five-second process with face or fingerprint biometrics, Cloudflare says in a blog post. The biometric data is not uploaded to Cloudflare, but kept on device in a FIDO-style transaction. Likewise, hardware USB and NFC tokens certified by the FIDO Alliance and without security issues known to the FIDO Alliance Metadata service (MDS 3.0) are now supported.

Hardware authenticators work slightly differently for Apple and Android devices, but rely on a Trusted Execution Environment (TEE) or Trusted Platform Module (TPM) to store and use biometrics without compromising user privacy, Cloudflare writes.

Hardware authentication in this model typically shares only information about the make and model of the device affirming the authentication. Cloudflare says it has gone a step further by using a form of zero knowledge proofs, making strides towards learning nothing about the user or their device, except for their possession of a valid security key.

“Our testing group tried our Cryptographic Attestation of Personhood solution using Face ID and told us what they thought,” writes Cloudflare Product Manager for Research, Wesley Evans. “We learned that solving times with Face ID and Touch ID were significantly faster than selecting pictures, with almost no errors. People vastly preferred this alternative, and provided suggestions for improvements in the user experience that we incorporated into our deployment.”

Further, Cloudflare notes that although biometrics were not enabled as a method of attestation in the first phase of the CAP rollout, it was the next most commonly-attempted method after YubiKeys.

Article Topics

 |   |   |   |   |   |   |   |   | 

Latest Biometrics News


The UK’s election may spell out the future of its national ID cards

Identity cards are back among the UK’s top controversial topics – thanks to the upcoming elections and its focus on…


Challenges in face biometrics addressed with new tech and research amid high stakes

Big biometrics contracts and deals were the theme of several of the stories on that drew the most interest from…


Online age verification debates continue in Canada, EU, India

Introducing age verification to protect children online remains a hot topic across the globe: Canada is debating the Online Harms…


Login.gov adds selfie biometrics for May pilot

America’s single-sign on system for government benefits and services, Login.gov, is getting a face biometrics option for enhanced identity verification…


BIPA one step closer to seeing its first major change since 2008 inception

On Thursday, a bipartisan majority in the Illinois Senate approved the first major change to Illinois Biometric Information Privacy Act…


Identity verification industry mulls solutions to flood of synthetic IDs

The advent of AI-powered generators such as OnlyFake, which creates realistic-looking photos of fake IDs for only US$15, has stirred…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events