Can’t fool me twice: Multifactor biometric authentication


Biometrics — they sound intriguing, cutting-edge, and make you feel like James Bond. But what’s the real value proposition of using biometrics and how reliable is this form of authentication? It is predicted that over the next few years, biological identity and biometric data will completely replace the current username and password system for securing personal identity.

The Biometric Password
Your basic password can be hacked in seconds with minimal effort, but your biometrics are a different story. It may seem easy in the movies, but copying a fingerprint, iris scan, or fooling facial recognition software is almost impossible with today’s advanced technology, especially when using more than one biometric modality (finger, face, voice, palm vein, etc.).

The basis of multi-factor authentication is to have two levels of security, or two factors. Without biometrics, these two factors would have to be ‘something you know’ plus ‘something you have’, such as a password plus a hard token. The implementation of a biometric system makes this process more convenient and user-friendly. One, or both, factors can simply be ‘something you are’ – a fingerprint plus iris scan for example. So, how are we supposed to keep our data safe and secure? Should we settle for complying with two-factor authentication using a hard token or ever-changing PIN number, or are our own biometrics the answer?

“A single biometric has been falling short of providing secure authentication. But we know that by mixing multiple biometrics, we can get there”, said David Nahamoo, IBM fellow and speech chief technology officer.

Why Multimodal Biometrics?
A main advantage of a multifactor, or multimodal, biometric system is enhanced security and customisable security settings. By using multiple modalities, a security system can require a higher threshold for recognition and an administrator can determine the level of security needed. Another benefit is that if one biometric identifier fails for any reason, the system can use another one to still provide accurate identification of the person in question.

The biggest threat to authentication systems is spoofing, or fraud. Spoofing occurs when an unauthorized person is able to fool the system into identifying them as someone else. Biometric fusion (combining multiple modalities) improves accuracy and security performance to prevent this from happening. By using multiple biometric modalities, as well as liveness detection (proving you’re alive) identity becomes very difficult to fake. Biometric technology relies on a unique identifier that is intrinsic to who you are, rather than something you know or have, to prove your identity.

The inadequate accuracy and reliability of traditional authentication (passwords, usernames, PINs, and tokens) and unimodal biometric systems has led to the adoption of multimodal biometric systems to provide maximum accuracy. Multimodal biometrics are a must in industries where security and accuracy are of the utmost importance, such as the healthcare, government, and finance.

How It Works
Multifactor, or multimodal, biometrics uses information from two or more biometric modalities such as fingerprint and iris, or face and voice. The accuracy of this combination is calculated by the system in terms of image acquisition errors and matching errors. Image acquisition errors consist of failure-to-acquire (FTA) and failure-to-enroll (FTE) rates. Matching errors include false non-match rates (a legitimate person is rejected, FNMR) and a false match rate (an impostor is granted access, FMR). These rates are usually zero due to fusion strategies that create positive identification, with each biometric trait offering additional evidence of authenticity.

Source: Planet Biometrics

Your basic password can be hacked in seconds with minimal effort, but your biometrics are a different story. It may seem easy in the movies, but copying a fingerprint, iris scan, or fooling facial recognition software is almost impossible with today’s advanced technology.