FB pixel

Cloudflare supports hardware biometric authenticators as CAPTCHA replacement

| Chris Burt
Categories Access Control  |  Biometrics News  |  Mobile Biometrics
Cloudflare supports hardware biometric authenticators as CAPTCHA replacement
 

CAPTCHAs are considered annoying by many if not most internet users, and as Cloudflare points out, they can be a barrier to use for people who do not read certain languages or are using a mobile device. Biometric authenticators can now be used by Cloudflare users to prove they are not bots in an expansion of the content delivery network’s Cryptographic Attestation of Personhood (CAP) trial.

The use of native device biometrics like FaceID and TouchID on iPhones and Android Biometric Authentication allows users to complete the same check in a five-second process with face or fingerprint biometrics, Cloudflare says in a blog post. The biometric data is not uploaded to Cloudflare, but kept on device in a FIDO-style transaction. Likewise, hardware USB and NFC tokens certified by the FIDO Alliance and without security issues known to the FIDO Alliance Metadata service (MDS 3.0) are now supported.

Hardware authenticators work slightly differently for Apple and Android devices, but rely on a Trusted Execution Environment (TEE) or Trusted Platform Module (TPM) to store and use biometrics without compromising user privacy, Cloudflare writes.

Hardware authentication in this model typically shares only information about the make and model of the device affirming the authentication. Cloudflare says it has gone a step further by using a form of zero knowledge proofs, making strides towards learning nothing about the user or their device, except for their possession of a valid security key.

“Our testing group tried our Cryptographic Attestation of Personhood solution using Face ID and told us what they thought,” writes Cloudflare Product Manager for Research, Wesley Evans. “We learned that solving times with Face ID and Touch ID were significantly faster than selecting pictures, with almost no errors. People vastly preferred this alternative, and provided suggestions for improvements in the user experience that we incorporated into our deployment.”

Further, Cloudflare notes that although biometrics were not enabled as a method of attestation in the first phase of the CAP rollout, it was the next most commonly-attempted method after YubiKeys.

Article Topics

 |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Cybastion to support digital infrastructure development in DRC

U.S. digital ID and cybersecurity firm Cybastion will deploy its technology and expertise in support of the Democratic Republic of…

 

Tanzania seeks biometrics contractors for Phase II of national digital ID project

Tanzania says it is seeking contractors for some activities related to the execution of Phase II of the country’s national…

 

Smart glasses and the new DHS surveillance budget

The Department of Homeland Security’s (DHS) Fiscal Year (FY) 2027 budget justification lays out an expansive biometric and identity tech…

 

Voice AI expands attack surface for speaker biometrics as APIs proliferate

Deepfake voices are already a challenge for authentication systems. But the task is getting tougher, as big players pursue voice…

 

NetChoice wins in Arkansas, but faces forever war against age assurance

The battle over age assurance legislation in the United States has reached its next level. As the global tide turns…

 

UIDAI selects 20 bug bounty hunters to bolster India’s digital ID security

The Unique Identification Authority of India (UIDAI) has launched a structured bug bounty program. The authority will open its core…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis and Buyer's Guides

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events