Behavioral biometrics: the future of online authentication

Biometric authentication​ - using the unique attributes of the human body to prove an individual's identity – has become increasingly common in recent years. Around the world, millions of people have become accustomed to using their fingerprints, eyes and faces in particular to authenticate themselves when making payments, traveling through airports and even voting in national elections.

The growth in the use of biometrics over the coming years is likely to be driven particularly by sales of smartphones with built-in fingerprint sensors – more than a billion are forecast to be shipped in 2018.

But the world of digital security never stands still. Cybercriminals are constantly testing the integrity of authentication technology, and even biometric identification methods may be vulnerable.

How do you do it?

That's where behavioural biometrics comes in. Whereas standard biometrics rely on a part of your body, behavioral biometrics use the unique way in which you do something to authenticate you. The main examples of this technology that are currently being developed analyze your gait (the way you walk) and your typing style (speed, keypad pressure, finger positioning and so on). Voice recognition technology is also sometimes classed as a form of behavioral biometrics.

This isn't actually a new form of authentication. When the telegraph was in common use as a means of communication (for almost a century from the 1850s), operators could be recognized by the way they transmitted the dots and dashes used in Morse Code. Indeed, during World War Two, Allied forces would verify the authenticity of messages they received by the way they were sent.

In today's digital world, behavioral biometrics has the advantage of using something that is similarly unique to the individual, without requiring any change in the user experience. Moreover, while traditional biometrics usually only address security at the point of login, behavioral biometrics can provide continuous authentication throughout the user's online journey.

Multiple choices

As with most forms of digital security, behavioral biometrics is most effective when combined with other forms of authentication. For example, systems have been developed that use multi-factor authentication for mobile payments made in stores.

First, the way in which the person making the purchase uses their phone (for example, how much pressure they use when typing) is analyzed. This information is then combined with the device's IP address and location as part of the authentication process. For example, if a request to access an account doesn't originate from a phone associated with the phone number that is on file for that user, the transaction can be refused. Similarly, if the user is logging in from a location known for hacker activity, access can be blocked or stronger authentication requested. Only if all the authentication measures match will the system confirm to the bank that the purchaser is authorized to make this payment.

Although this kind of multi-factor authentication process relies on huge amounts of data and complex algorithms, it all happens in the cloud, in a matter of moments; the experience for the consumer is frictionless. This is crucial – if authentication solutions are not simple and convenient, they are unlikely to gain widespread acceptance.

The next step

The shift from simple biometrics to behavioral biometric authentication is already under way. Analysts at market research company Technavio forecast that the global behavioral biometric market will grow at a compound annual growth rate of 17.34% between 2016 and 2020.

As more and more products and services move online, the demand for watertight authentication technology is only going to increase. As the next step in the evolution of personal identification that began with physical signatures and moved on to PINs and then fingerprint recognition, behavioral biometrics looks set to become a familiar feature of our lives in the coming years.

Related content: Best practice to reduce drawbacks of biometrics