
Can Behavioral Biometrics Change the Future of Cybersecurity?

Incidents such as the loss of millions of dollars through cyber identity theft at Microsoft Exchange have captured our attention throughout the pandemic. Did you know the overall rate of cybercrime has increased by 600%?

Now, more than ever, companies are keen to manage their digital infrastructure and protect it from unauthorized access. The need for actively and passively controlling identity and authenticating users is immense.

Using biometrics, companies can ensure that the person using their systems, apps, or customer relationship management interface is authorized to do so. This is because behavioral biometrics technology looks at unique behavioral patterns of individuals – such as the way of typing, breathing, or speaking – to verify their identities.

So, how does this technology tackle cybersecurity issues?

The status quo of behavioral biometrics

There are already several behavioral biometric approaches on the market – the behavioral biometrics market size is projected to reach $2.5 billion by 2023 – such as typing biometrics, voice recognition (checking for unique patterns in speech), signing pressure, and gait biometrics. These solutions aim to identify a user of a computer, mobile device, or console and give fast authorization to access the gadget.

Behavioral biometrics have, so far, not been accurate enough when used for verification, so their use has been limited. Why? Imagine the way you type: It’s most likely truly unique to you – but a system analyzing your typing behavior must be able to recognize you even when you’re tired, your left hand is hurt, or you are using a different keyboard. Behavioral biometrics could also be easier to imitate and thereby facilitate fraud, especially when using less sophisticated algorithms unable to detect minute behavioral differences.

Businesses need to be cautious in implementing biometrics, particularly when securing sensitive data such as patient records, business figures, or customer information. They shouldn’t rely solely on biometric behavior patterns. Instead, combining them with other approaches can make identification or verification easier, faster, and 100% secure.

Multi-factor authentication to rescue internet security

The most common method of mixing and matching internet security approaches is multi-factor authentication. Here, a number of characteristics or information help identify a user. You may have experienced this with the typical Google authentication process into their applications:

  1. You enter your password
  2. You get a security code sent to you by email
  3. You type in the code and gain access

But what’s your true experience with those three “little” steps? Truth be told, it is relatively inconvenient for the user. It takes between one and two minutes and involves back and forth – and requires access to the email account. Such a slow system is not ideal for companies and businesses looking to enhance their user experience – and even less so for employees risking losing several minutes of their time for log-ins.

Today, the average person spends 12 minutes a week entering or renewing passwords. Dissatisfaction, customer churn, and revenue loss are direct consequences of slow authentication processes – and the need for better alternatives is becoming more pressing than ever.

Both behavioral and standard biometrics (fingerprint or iris scan and face recognition) are characteristics inherent to us – which means they are with us all the time (as opposed to an email account). They are also much more difficult to fake or imitate, especially when combined. You can fake a person’s face using a mask or expression, but it’s much harder to look like them and type or walk like them at the same time.

Depending on the use case and security scenario, the different approaches (like passwords or biometric data) should be mixed and matched as needed. The system can check if a particular face is in front of a computer just once and then rely on typing behavior to verify the person hasn’t switched in between. In more complex use cases, businesses can track a person using a combination of approaches: Identification by face if you can see it, monitoring their use of security consoles through fingerprints, adding vein scans, and typing.
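The "face once, then typing" flow described above, as an added example that is not from the original article: a one-time face match opens a session, and each typed phrase is scored against an enrolled keystroke template using a scaled Manhattan distance, one common scoring choice. The timings, the 2.5 threshold, the two-miss rule and all names are assumptions made for illustration.

```python
from statistics import mean

# Constructed sample data: timings in ms (key dwell and key-to-key flight,
# alternating) for one fixed phrase. Not real measurements.
ENROLL = [[95, 140, 88, 160, 102], [110, 155, 80, 150, 95],
          [90, 130, 95, 175, 110], [105, 150, 85, 155, 98]]
NORMAL = [98, 145, 86, 162, 100]     # same user, typical typing
TIRED = [115, 165, 100, 185, 116]    # same user, noticeably slower
OTHER = [60, 220, 130, 90, 70]       # a different typist

def enroll(samples):
    """Template = per-feature mean and mean absolute deviation (MAD)."""
    cols = list(zip(*samples))
    mu = [mean(c) for c in cols]
    # Floor the MAD at 1 ms so a very consistent feature cannot divide by ~0.
    mad = [max(mean(abs(x - m) for x in c), 1.0) for c, m in zip(cols, mu)]
    return mu, mad

def score(template, sample):
    """Scaled Manhattan distance per feature; lower means closer to template."""
    mu, mad = template
    return mean(abs(x - m) / d for x, m, d in zip(sample, mu, mad))

class Session:
    """A face match opens the session; typing behavior keeps it open."""
    def __init__(self, template, threshold=2.5, max_misses=2):
        self.template, self.threshold = template, threshold
        self.max_misses = max_misses      # assumed policy, tune per deployment
        self.face_ok, self.misses = False, 0

    def face_check(self, matched):
        self.face_ok, self.misses = bool(matched), 0

    def observe(self, sample):
        if not self.face_ok:
            return "locked"
        if score(self.template, sample) <= self.threshold:
            self.misses = 0
            return "ok"
        self.misses += 1
        if self.misses >= self.max_misses:  # sustained deviation, not one bad phrase
            self.face_ok = False            # require a fresh face check
            return "step_up"
        return "flagged"

def run_demo():
    s = Session(enroll(ENROLL))
    s.face_check(True)
    return [s.observe(x) for x in (NORMAL, TIRED, NORMAL, OTHER, OTHER, NORMAL)]

if __name__ == "__main__":
    print(run_demo())
```

The tired sample misses the threshold once and is only flagged, while two consecutive misses from the other typist close the session until the face is checked again.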

All these systems should be able to automatically and passively recognize who we are (similar to the Apple iPhone facial recognition) – it is smooth, fast, and straightforward for the user.

Don’t forget data security using biometrics

Unlike passwords or one-time codes, such as those used by Google, biometric data storage must be designed to prevent any misuse in the event of a leak or data breach. For example, by encrypting and storing data in various isolated databases, companies can enhance their entire security infrastructure. The key is to work with a sophisticated algorithm that converts scanned biometric data into a digital template and compares it against a template in a database. No personal data is therefore transferred – and the templates cannot be reverse-engineered to reveal the biometric data themselves. Even in the case of a leak, templates would be useless to the attacker, as they cannot be converted into a fake fingerprint, voice, or face.

Seamless biometrics is simultaneously experiencing a new resurgence due to rapidly evolving edge computing. Edge computing refers to the ability of cameras and other connected devices to perform most of their biometric processing on the device and transmit only the results of their calculations over the network, requiring much less bandwidth. Again, as only biometric templates are used, the personal data are never under the threat of leaking, as they stay on-device and are not transmitted. Combined with 5G network capacity and low latency, all of the biometric checks can take place in real time.

Although it is still too early to integrate behavioral biometrics as the sole factor in access control, today’s use cases already show us a glimpse of tomorrow. This type of identity proofing will become more accessible, more secure, and more reliable as the technology evolves. Identity forgery is just one of the potential cybersecurity problems. The combination of biometric factors and the advent of edge computing capabilities together with cloud deployment will very quickly lead to seamless, real-time authentication that does not require large onsite servers coupled with high network bandwidth and throughput.