Behavioral Biometrics Definition
What is Behavioral Biometrics?
User authentication is the process of verifying a user’s identity. Authentication systems can use various methods to accomplish this. Behavioral biometrics measure unique aspects of how a user behaves to authenticate their identity.
What are Authentication Factors?
The goal of authentication is to prove that a user is who they claim to be. Typically, this is accomplished by measuring something that is unique to the user.
Authentication factors are the different ways of accomplishing this. In general, authentication factors fall into one of three categories:
- Something You Know: The user proves their identity by proving that they know a particular secret. Passwords, PINs, and security questions are examples of knowledge-based authentication factors.
- Something You Have: Identity verification is performed based on the user’s possession of an authentication device such as a smartcard, smartphone, or hardware security token.
- Something You Are: The user’s identity is verified by measuring features unique to them such as fingerprints or voice recognition.
What is Behavioral Biometrics?
Biometric authentication in general falls into the “Something You Are” category of authentication. There are many different attributes that a computer can measure that are unique to a particular person. When the user creates a profile, the system will measure these features and create a model that they can use to recognize the user in the future.
Under the category of biometric authentication factors, there are two main types of authentication factors, including:
- Physical Biometrics: This form of biometric authentication measures unique features of the user’s body. For example, a fingerprint scanner on a smartphone compares a set of points on the user’s fingerprint to a version stored with the user’s record on the system.
- Behavioral Biometrics: Behavioral biometrics identifies users based on unique aspects of how the user acts. For example, gait recognition systems identify and authenticate users based on features of their walking patterns.
Types of Behavioral Biometrics
Behavioral biometric authentication factors profile people based on unique behavioral patterns. Some common forms of behavioral biometrics include:
- Gait Recognition: A person’s walking pattern is unique and can be difficult to fake since it depends on the user’s physiology.
- Keystroke Analysis: A user’s typing speed, rhythm, and the amount of pressure placed on keys can be used to create a unique biometric profile.
- Device Interaction: People often hold their phones and interact with them in a particular way. Unique features may include typing speed, how the user scrolls and swipes, etc.
- Signature Analysis: Analyzes the way that a user signs their name, including pressure, speed, style, etc.
Benefits of Behavioral Biometrics
Behavioral biometrics offer equally strong authentication as physical biometrics. This makes them a great complement or alternative to other authentication systems.
Behavioral biometrics also have a few unique benefits, including:
- Lack of Interaction: Unlike most physical biometrics, which require the user to interact with a scanner, behavioral biometrics typically don’t require explicit user interaction. For example, gait recognition systems can analyze CC-TV footage to identify a user.
- Ongoing Authentication: Behavioral biometrics’ lack of interactivity often means that they can be performed on an ongoing basis. For example, keystroke or device interaction analysis can be performed throughout a user’s entire session, providing stronger, ongoing user authentication.
- User Experience: Behavioral biometrics don’t require the user to provide information, have a particular device, or explicitly interact with a sensor. This provides a more positive, frictionless user experience than other authentication mechanisms.
Conclusion
Behavioral biometrics are a relatively new and uncommon form of user authentication. However, they have significant benefits and can be used to complement other authentication factors as part of a multi-factor authentication (MFA) scheme or as a standalone mechanism for user-friendly, frictionless authentication.