
Cloudflare supports hardware biometric authenticators as CAPTCHA replacement


CAPTCHAs are considered annoying by many if not most internet users, and as Cloudflare points out, they can be a barrier to use for people who do not read certain languages or are using a mobile device. Biometric authenticators can now be used by Cloudflare users to prove they are not bots in an expansion of the content delivery network’s Cryptographic Attestation of Personhood (CAP) trial.

Native device biometrics such as Face ID and Touch ID on iPhones and Android Biometric Authentication allow users to complete the same check in a five-second process with face or fingerprint biometrics, Cloudflare says in a blog post. The biometric data is not uploaded to Cloudflare, but kept on the device in a FIDO-style transaction. Likewise, hardware USB and NFC tokens certified by the FIDO Alliance and without security issues known to the FIDO Alliance Metadata Service (MDS 3.0) are now supported.
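The acceptance rule described above (FIDO-certified, with no security issue known to MDS 3.0) can be expressed as a check over metadata entries. This is an added example, not Cloudflare's code: it assumes the MDS blob has already been signature-verified and decoded, uses constructed entries with placeholder AAGUIDs, and treats any issue reported in a model's history as disqualifying, which is a policy assumption.

```python
# Added example: accept or reject an authenticator model from MDS3-style entries.
# Field names (aaguid, statusReports, status) and status values follow the
# FIDO MDS3 specification; the policy itself is an assumption.

# AuthenticatorStatus values that indicate a known security problem.
SECURITY_ISSUE = {
    "USER_VERIFICATION_BYPASS",
    "ATTESTATION_KEY_COMPROMISE",
    "USER_KEY_REMOTE_COMPROMISE",
    "USER_KEY_PHYSICAL_COMPROMISE",
    "REVOKED",
}

# Constructed sample entries; the AAGUIDs are placeholders, not real devices.
SAMPLE_ENTRIES = [
    {"aaguid": "00000000-0000-0000-0000-000000000001",
     "statusReports": [{"status": "FIDO_CERTIFIED_L1", "effectiveDate": "2020-01-01"}]},
    {"aaguid": "00000000-0000-0000-0000-000000000002",
     "statusReports": [{"status": "FIDO_CERTIFIED", "effectiveDate": "2019-01-01"},
                       {"status": "ATTESTATION_KEY_COMPROMISE", "effectiveDate": "2021-01-01"}]},
    {"aaguid": "00000000-0000-0000-0000-000000000003",
     "statusReports": [{"status": "NOT_FIDO_CERTIFIED", "effectiveDate": "2020-01-01"}]},
]

def evaluate(entries, aaguid):
    """Return (accepted, reason) for the authenticator model with this AAGUID."""
    wanted = aaguid.lower()
    entry = next((e for e in entries if e.get("aaguid", "").lower() == wanted), None)
    if entry is None:
        # Fail closed: a model with no metadata cannot be shown to be certified.
        return False, "unknown model: no metadata entry"
    statuses = [r.get("status", "") for r in entry.get("statusReports", [])]
    issues = sorted(s for s in statuses if s in SECURITY_ISSUE)
    if issues:
        return False, "security issue reported: " + ", ".join(issues)
    # NOT_FIDO_CERTIFIED does not match this prefix, so it is rejected here.
    if not any(s.startswith("FIDO_CERTIFIED") for s in statuses):
        return False, "no FIDO certification on record"
    return True, "certified, no reported issues"

if __name__ == "__main__":
    for e in SAMPLE_ENTRIES:
        print(e["aaguid"], evaluate(SAMPLE_ENTRIES, e["aaguid"]))
```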

Hardware authenticators work slightly differently for Apple and Android devices, but rely on a Trusted Execution Environment (TEE) or Trusted Platform Module (TPM) to store and use biometrics without compromising user privacy, Cloudflare writes.

Hardware authentication in this model typically shares only information about the make and model of the device affirming the authentication. Cloudflare says it has gone a step further by using a form of zero knowledge proofs, making strides towards learning nothing about the user or their device, except for their possession of a valid security key.

“Our testing group tried our Cryptographic Attestation of Personhood solution using Face ID and told us what they thought,” writes Cloudflare Product Manager for Research, Wesley Evans. “We learned that solving times with Face ID and Touch ID were significantly faster than selecting pictures, with almost no errors. People vastly preferred this alternative, and provided suggestions for improvements in the user experience that we incorporated into our deployment.”

Further, Cloudflare notes that although biometrics were not enabled as a method of attestation in the first phase of the CAP rollout, they were the next most commonly attempted method after YubiKeys.
