After passwords and traditional biometrics, behavioral biometrics is transforming the security of smartphones
by Alex Miller
The average user secures his phone with a PIN, a pattern or a password. When it comes to passwords, we are advised to create strong ones that are hard to crack, but the problem is that they are easy to forget. In a study conducted by UnifyID, 75% of the respondents said it was difficult for them to keep track of their passwords and 83 percent claimed they never want to use a password on their phone again.
That’s just the customer’s side of the story; wait till you hear the vendor’s side. IT staff complain that resolving password issues is a significant drain. As per the Forrester Report, users contact help desks 28 times a year for password issues. What about two-factor authentication? Doesn’t it provide an added layer of security? Yes, it does make it difficult for attackers to impersonate a user, but it’s a cumbersome process which most users don’t want to get into.
Thanks to encryption and biometrics, a user no longer has to enter a password to access his phone or type multiple special characters the next time he wants to use his smartphone for purchasing something. Mobile manufacturers have started embedding biometric sensors such as fingerprint, face, voice or iris sensors to provide higher security assurance to users. People like choosing convenience over security, and biometrics relieved them of the responsibility of creating and remembering a strong password.
The thing is, the biometric system has a few complications too. Firstly, it requires deliberate user behavior. Scanning your face or finger every time you want to access your smartphone adds friction to the user experience. If you think biometrics is hard to compromise, then you are wrong. It’s not as secure as people think it is. Researchers came up with synthetic fingerprints for unlocking 65 percent of the smartphones. Even an algorithm can mimic your voice with a few audio snippets and fool your biometrics just like that.
Biometrics and Passwords are vulnerable
Passwords have always been a weak link. Yes, they are hard to keep track of, but people still use them because they are easy to change if compromised. With biometrics, if the data is stolen, you cannot change your face or your fingerprints, right? Ever since biometrics technology was introduced, cybercriminals have done their research to come up with tactics and backdoors in the system to steal the fingerprints of users. One example of that is the breach at the Federal Office of Personnel Management in 2015 that leaked fingerprints of 5.6 million people.
Security experts are worried that if more and more smartphone users start adopting fingerprints for authentication, this could lead to a series of identity thefts. You already know that it’s possible to steal fingerprints but do you know that facial recognition can be tricked too by using a photo on a Windows or
In conclusion, anyone can break into your phone even if it is password protected or requires biometric authentication. Who knows what a criminal can do with your personal data from there. An unlocked device is just like a treasure chest for an unauthorized user. They can access your online banking accounts, emails, calendar and photos, or even install a tracking app such as Xnspy to monitor your location and online behavior. Hackers even have a way of tapping into the Bluetooth or Wi-Fi connection of your phone, sniffing your network traffic and stealing all locally stored passwords and the passwords that you type when you check into your bank account. Crazy, right?
So what’s the future of mobile security then?
If passwords and biometrics fail to provide smartphone security, how is a user supposed to protect his device? This question needs attention. Fortunately, companies such as BehavioSec, UnifyID, and SecureAuth have started employing different aspects of behavioral biometrics to provide better security to smartphone users.
Behavioral biometrics measures the patterns of user activities. The user is authenticated by what he does rather than what he is. A machine learning algorithm gathers the smartphone sensor data and identifies the user by his personal traits such as walking gait, the way he sits, or the Wi-Fi access points his device typically connects to. These algorithms also take into account changes in user behavior. Let’s say a user sprains his ankle, which changes his gait, and because of that the machine learning system loses confidence in authenticating him. In that case, it will present an alternative method of authentication to the user, like a PIN or a password. This is something only an authorized individual would know.
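The confidence-then-fallback flow described above can be sketched as follows. This is an added example, not code from any of the vendors named in this article; the feature names, the threshold, the window size, the scoring formula and the halving of the score on an unfamiliar access point are all assumptions chosen for illustration.

```python
import math
import statistics
from collections import deque

THRESHOLD = 0.6   # assumed: below this, ask for the PIN or password
WINDOW = 12       # assumed: number of recent accepted samples kept
FEATURES = ("step_interval_s", "step_accel_g")   # constructed gait features

class BehaviorProfile:
    def __init__(self):
        self.samples = deque(maxlen=WINDOW)   # old behaviour ages out
        self.known_aps = set()

    def learn(self, sample, ap):
        self.samples.append(sample)
        self.known_aps.add(ap)

    def confidence(self, sample, ap):
        """Score in [0, 1]: how closely the sample matches recent behaviour."""
        if len(self.samples) < 2:
            return 0.0   # no history yet: force explicit authentication
        z2 = []
        for f in FEATURES:
            hist = [s[f] for s in self.samples]
            mean = statistics.mean(hist)
            # Floor the spread so sensor noise cannot lock out a very regular user.
            std = max(statistics.stdev(hist), 0.05 * abs(mean))
            z2.append(((sample[f] - mean) / std) ** 2)
        score = math.exp(-0.5 * statistics.mean(z2))
        return score if ap in self.known_aps else score * 0.5

def authenticate(profile, sample, ap, pin_ok=None):
    """Return 'unlock', 'fallback_pin' (challenge needed) or 'deny'."""
    if profile.confidence(sample, ap) < THRESHOLD:
        if pin_ok is None:
            return "fallback_pin"
        if not pin_ok:
            return "deny"   # failed fallback: the profile is left untouched
    profile.learn(sample, ap)   # accepted samples refresh the window
    return "unlock"

def enrolled_profile():
    """Constructed enrollment data: a steady gait on one home access point."""
    p = BehaviorProfile()
    for i in range(WINDOW):
        d = i % 3 - 1
        p.learn({"step_interval_s": 0.50 + 0.02 * d,
                 "step_accel_g": 1.2 + 0.1 * d}, "home-ap")
    return p
```

Because only accepted samples enter the window, a changed gait is picked up once the PIN has vouched for it several times, while a failed PIN attempt teaches the profile nothing.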
Lots of industries (finance, travel, hospitality, e-commerce, and healthcare) have already started employing behavioral biometric measures. Although it’s not a foolproof method, our behavior uniquely distinguishes each of us from everyone else, so it is a more secure system for authentication than what’s been available so far.
About the Author
Hi, I am Alex Miller, a front-end developer for a VoIP company in Tennessee. As a part of my routine, I review the latest gadgets and applications. Currently, I am covering the best apps available in all the major categories. I love watching football and Netflixing when I have some extra time.