Biometrics continues to gain people’s trust when it comes to securing cyber credentials and authenticating access requests. It can already be considered as the new universal standard of security and privacy. To beef things up, authentication provider SecureAuth has added a new realm of verification factor to its offering: behavioral biometrics.
While multiple factors are useful for verification purposes, the addition of some unique factors as behavioral traits bolsters the security of a system. That is so because behavioral biometrics adds a new layer of protection and verification to identify users at the access point, without risking having attackers inside an organization’s network.
At present, SecureAuth has existing support for dozens of verification options, and the introduction of behavioral biometrics further pushes the horizon of security. Behavioral biometrics is based on the timing patterns of a user as he moves a mouse and hits the keys. From these pieces of information, a unique profile of that user is created through the identity management system.
The next time that user logs in to his account, the identity management system checks the keystrokes and mouse movements against the recognized pattern, on top of the multi-factor authentication.
There is talk that SecureAuth is the first to implement behavioral biometrics, though the method is not unfamiliar to the research community of course. At least over a decade ago, researchers began to study and explore the potential of human behavior as a way of creating a more robust and secure method of authenticating an access request to a network.
SecureAuth’s enhanced offering works by analyzing the way a user keys in the username and password. In the event that you fail to match existing logs of your behavioral pattern stored in SecureAuth’s server, do not fret, the company will still turn to other factors or ask a security question to know if you are the legitimate owner of an account you are trying to access.
It is hard to assume that behavioral biometrics promises a hundred percent accuracy, that is why questions linger whether it should be implemented in critical infrastructures that belong to a financial institution or a healthcare facility.
SecureAuth continues to look at other factors for authenticating access such as geolocation. The good thing about SecureAuth’s operation is that everything is encrypted and the company vows it only stores a few data and profile information as needed. The data are also stored on-premise, meaning customers have control of the treasure trove of information, not SecureAuth itself. Perhaps to avoid liabilities in the future.
