Skip to content

Biometric Theft is a Big Deal and Behavioral Biometrics Can Help

TL;DR Biometric theft is permanent, essentially rendering that biometric (e.g. thumbprint) useless for the lifetime of that user.  Behavioral biometrics use ephemeral data, meaning theft would only be a temporary disability.

Biometric authentication provides an attractive way of authenticating users into high-risk infrastructure.  Think about the Touch ID on your phone, or face and eye-scanning technology   As opposed to usernames, passwords and security questions, the patterns of your thumbprint are so complex that they are almost impossible to guess, and they can’t be stolen through fake websites, and you never have to remember them. Your thumbprint is unique to you, remains the same over your lifetime, and can’t be stolen on the web.  Or can it?

What happens when a fingerprint is stolen? Can we still count on it to uniquely identify ourselves?
What happens when a fingerprint is stolen? Can we still count on it to uniquely identify ourselves?

In the past, hardware flaws in some phones were exploited to allow attackers to steal the fingerprint images directly from the scanner on the device.  Even scarier, hackers in Germany stole the German Defense Minister’s fingerprints using only hi-res photos taken at a press conference. Other forms of Biometrics are even worse.  Due to the prevalence of social media, pictures and videos of us abound on the internet, allowing attackers to easily spoof face and voice biometrics.  So what happens when a biometric is stolen?  Since a thumbprint is permanent, a thumbprint that is stolen is essentially permanently rendered useless for authentication purposes: you can no longer use your thumbprint to prove you are who you say you are, ever.  It’s not like a Credit Card number that can be replaced.

Behavioral biometrics is a new form of biometric that allows you to verify your identity with the way you behave, as opposed to some aspect of your physical body.  The behavioral cues range from a swipe gesture you remember or a routine you do, but also can include passive aspects of your behavior such as your gait, typing speed, the order of the buttons you usually use as you interact with an app, the way you travel around, where you spend your time, etc.  One of the biggest challenges in behavioral biometrics is what we call “Behavioral Drift,” where the user’s behavior changes over time.  For example a ski injury makes you walk differently, you change neighborhoods for a new job, or an app update means you interact differently with your phone.  Behavioral drift means that the biometric must continually be updated to account for behavioral changes, potentially limiting accuracy if it is not handled correctly.  Recent advances in Deep Learning make it possible to build behavioral biometrics models that can accommodate behavioral drift while maintaining accuracy, but that’s a different topic.  However the drift also has the distinct advantage making the biometric ephemeral in nature: if it ever should be stolen, the threat to you, the user, is only temporary.

While behavioral biometrics as a tool is still in it’s infancy, the ephemeral nature of behavior itself presents huge potential for low-risk, high-accuracy user authentication.  To be clear, there has never been a known instance of theft of a behavioral biometric.

More from the Blog

April 30, 2024

Exploring Behavior as a Biometric and Continuous Authentication in Zero Trust Environments

In this blog, we're delving into behavioral authentication, a cutting-edge solution poised to tackle inherent security...
April 1, 2022

Biometrics are Here to Stay

A recent study by MaretsandMarkets noted that the global biometric system market is expected to grow to $68.6 billion...
March 7, 2022

Meet PCI DSS Requirements with Behavioral Biometrics

The Problem Implementation of PCI standards in the call center environment has continued to prove difficult, leaving...

Subscribe Here

We will never share your email address with third parties.