Multi-factor authentication means establishing the identity of an online user with more than one factor. A well-known second factor is the SMS code (referred to as a one-time password) sent to the user’s registered phone number. However, this widespread practice has been criticized and weakened and is now praised by organizations such as NIST (National Institute of Standards and Technology).
What Is Biometric Authentication?
In general, you have three categories of factors:
Biometrics falls into the “something you are” category. The fingerprint is the most common biometric factor, owing to the proliferation of fingerprint-enabled smartphones on the market. Other examples of biometric factors are the face, retina (eye), heart rate, voice, behavior, and so on. One day we will also have DNA for online authentication. I will not go into the details of biometrics, but if you are wondering ‘What is biometrics?’, consider this article on Find Biometrics.
Fingerprint access to your online bank?
Now that we know that a biometric factor is used to facilitate the authentication process, we can focus on how it works in real life.
Your iPhone does not automatically access your bank account. Apple’s systems and the bank’s systems are completely separate. How can we bridge the gap and allow you to access your wealth with your finger? The first thing is to have an identity provider like GlobalSign. The identity provider allows the bank to accept authentication methods alongside its one-time password generator, which is located somewhere in your home.
Next, you need to download an app like Maupin to your phone.
Once the application has been downloaded and you have opened your browser and accessed your banking site, comes what we call ‘user-driven federation’. This means that during the authentication phase, you first authenticate with your banking credentials (I like to call it: ‘dog eaten token’) and then input something like your phone number.
The bank’s identity provider will then send an authentication request for your fingerprint to your smartphone app. You press the circle on your iPhone, the app sends the response back to the identity provider, and voilà. Now you can authenticate to your bank using your fingerprint instead of the token (which was eaten by the dog).
But is it biometrics all the way?
When you consider the flow described above, you may feel that your fingerprint is what unlocks the website door. But you are wrong. In the scenario above, the fingerprint takes the place of a PIN code. The application contains a PKI (private) key, which is used to sign the response message to the identity provider. This key is protected by PIN code, fingerprint, or facial recognition. This is the right way to implement biometric authentication for online services: biometric information does not leave the device.
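The flow described above, as an added sketch in Go (not code from this article or from any product it mentions): the device holds the signing key, the biometric match is reduced to a boolean gate, and the identity provider verifies a signature over its own random challenge. Ed25519, the function names and the 32-byte challenge are assumptions; the article says only that a private key signs the response.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Device models the phone app; the private key never leaves it.
type Device struct{ priv ed25519.PrivateKey }

// Enroll generates the key pair on the device; only the public key goes to the IdP.
func Enroll() (*Device, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{priv: priv}, pub
}

// Approve signs the challenge only after a local unlock (PIN, fingerprint or
// face match, reduced here to a boolean). The reply carries no biometric data.
func (d *Device) Approve(challenge []byte, localUnlockOK bool) ([]byte, error) {
	if !localUnlockOK {
		return nil, fmt.Errorf("local unlock failed, key stays locked")
	}
	return ed25519.Sign(d.priv, challenge), nil
}

// NewChallenge is the IdP side: a fresh random nonce for every login attempt.
func NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	return c
}

// Verify is the IdP check: stored public key plus the challenge it issued.
func Verify(pub ed25519.PublicKey, challenge, sig []byte) bool {
	return ed25519.Verify(pub, challenge, sig)
}

func main() {
	dev, pub := Enroll()
	ch := NewChallenge()
	sig, _ := dev.Approve(ch, true)
	fmt.Println("fresh challenge accepted:", Verify(pub, ch, sig))
	fmt.Println("old signature on new challenge:", Verify(pub, NewChallenge(), sig))
}
```

Because each login uses a new challenge, a captured response is useless for a later login, and the identity provider never stores anything derived from the fingerprint.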
Why biometric authentication is good
Consider the average consumer. They don’t know much about security; they rely on the bank to take care of them one way or another. What they care about is convenience and usability. We can all agree that complex passwords that must change every 90 days are a nightmare. We can safely assume that the one-time password token, which produces sequences of 6-8 digit numbers, is of questionable convenience. If you do not have a dog that eats these tokens, you may have a small black hole where all the little tokens and other little gizmos disappear and are never seen again. I have at least one in my apartment.
Why biometric authentication is bad
The most common criticism against biometrics is that you cannot change it. This is true with minor exceptions. If for some reason the biometric template of your toe leaks, you can take a sharp knife to it to make it clumsy (a joke). Additionally, so-called cancelable biometrics involves distorting biometric features and mapping them into a new template.