Behavioral biometrics: What is it and how does it work?
Behavioral biometrics are increasing in popularity against a backdrop of increasingly sophisticated cyberattacks, as conventional authentication methods can fall short of stopping malicious actors.
The advent of multi-factor authentication (MFA) technologies, particularly those relying on biometrics, has presented hackers with a new challenge, but no system is ever entirely secure.
To provide persistent, adaptive authentication while also reducing end-user friction, some organizations have turned to a relatively new form of biometric authentication, one measuring users’ behavior patterns. Here’s an overview of this evolving technology.
What is behavioral biometrics?
It is a technology that measures unique patterns in human activity. The term is often juxtaposed to physical or physiological biometrics, which refer to analysis of human characteristics like iris patterns or fingerprints.
Behavioral biometric tools can identify people from patterns in activity like gait or keystroke dynamics.
These tools are used by financial institutions, businesses, governments and retailers for user authentication, rather than 1:N identification.
Unlike conventional authentication methods that work when a person’s data is collected, for example by touching a sensor, behavioral biometric systems can authenticate continuously.
How does behavioral biometrics work?
Behavioral biometrics compare an individual’s identifying pattern to past behavior, often providing continuous authentication throughout an active session or recording.
The behavior is sometimes captured by an existing device, like a smartphone or a laptop, and sometimes by a dedicated device such as a sensor array for measuring footfalls in gait recognition.
The biometric analysis returns a score that represents the probability that the person performing the actions is the one who set the baseline behavior for the system.
Dissimilarity between a customer’s behavior and the expected profile prompts a step up to additional layers of authentication that can include a fingerprint scan, taking a selfie or other requests.
The technology can be employed as part of employee or customer access control, preventing account takeover, detecting social-engineering scams and spotting money laundering.