The difference between biometric authentication and identification
Biometric authentication stores a person’s characteristics in a database or in a secure portable element such as a smart card or in a secure chip inside your mobile phone. This digital file could be a photo of a face, a voice recording or fingerprint image. It is then compared to the person’s live biometric data. If there’s a match, the person’s identity is verified.
Biometric identification determines the identity of an individual. Here, the live biometric data is compared with the data of many (possibly thousands of) other people. The system then confirms the correct match.
Of all the biometric options, facial recognition has attracted the most excitement – mainly because of recent advances in the technology.
Early systems struggled in low-light conditions.
Spoofers could trick them with photographs and videos. Now, that has changed. Today’s systems use technology such as 3D mapping to achieve live biometric authentication and deliver compelling levels of accuracy.
Because of this, smartphone and tablet makers now use facial identification as the default ‘unlock’ method for their devices and services. Indeed, Counterpoint Research expects more than a billion smartphones, with facial recognition will ship in 2020.
Facial recognition has applications beyond authentication.
Organizations can use it for surveillance or analyze consumers’ emotions in store.
As a result, a host of diverse use cases has emerged. They include:
Why secure and reliable authentication matters... and how facial recognition can provide it
In a world of digital services, issues of identity and authentication pose a problem.
How can people trust each other when they are not physically present?
Traditional paper-based forms of identity – passport, driver’s license, ID card – are not the answer. These documents were designed to be checked in physical settings by human agents on bespoke machines. And although they have been updated with contactless technology, checking paper documents can be time-consuming.
Meanwhile, many types of authentication are flawed, especially passwords.
With the average person needing to keep track of multiple passwords, many of which may need updating regularly, the password has become impractical as well as insecure.
Criminals can ‘phish’ people out of their passwords. Or they can use ‘brute force’ software to try millions of word combinations every second. The problem is that a widespread, universal (and convenient) form of digital identity doesn’t currently exist.
Something more robust is needed. Many experts believe facial recognition has the answer::
It’s non-intrusive as there is no physical interaction required by the user.
It’s relatively easy to deploy and implement
Technology costs – cameras, processing – are falling.
Mass adoption by smartphone makers has made it familiar to users.
Its results are accurate and fast.
There’s also a sense that facial recognition is best suited for future work and leisure patterns.
“The face is the most flexible biometric authentication modality,” says Alan Goode, CEO and Chief Analyst of Goode Intelligence. “It can be used in different contexts and settings. There’s no need for sensors. And this fits with current megatrends. Take ride-sharing. If we move into a future of autonomous driving and shared ownership, we will need new and seamless ways to identify ourselves. Facial recognition seems to provide the best answer to this.”
Facial recognition could be key for citizens of many nations too.
The face is the most flexible biometric authentication modality. It can be used in different contexts and settings. There’s no need for sensors.
But in a broader level, it’s just more convenient to have a single digital identity.
Frederic Trojani, chairman of the Security Identity Alliance, says: “Today, it seems we need a new identity every time we sign up for a new service. What we need is a sovereign digital identity – given to us at birth by our government – which is interoperable across all consumer, enterprise and government domains. This will provide a secure way to authenticate us with any entity that needs to know who we are, before offering benefits or services.”
The difference between identity and authentication
It’s tempting to use the words identity and authentication interchangeably. This is wrong, and it’s essential to understand the differences.
Identity: A set of credentials that comprises ‘you’. This could be your name and address. This could be a token or alias (an email address or phone number). Sometimes, this is even a physical ‘thing’ (an ATM card). Your identity must be unique and say to a third party ‘this is me’.
Authentication: What we do when a third party asks: ‘How can you prove it?’. In the case of an ATM card, the card is the ID and authenticator is the PIN. In the case of border control, the person’s ID is their name and passport. The authentication is carried out by the agent who looks at a person’s face and certifies the likeness.
A person’s identity is unique, but it is no secret. Authentication keys must be either secret (PINs, passwords) or hard to copy.
With biometric authentication, the authenticator is not secret, but it is challenging to mimic.
In the case of facial recognition, a system must be able to distinguish between a genuine subject and a faker using a photo, mask or video clip. So the ability of the authentication method to deter these attacks determines how strong it is.