Behavioural biometrics – the future of security

Some major players are showing an interest in behavioural biometrics

The jury is out on whether the humble alphanumeric password is dead, but the popularity of '123456', 'password' and 'qwerty' doesn't exactly breed confidence. Cue biometrics, in the form of a fingerprint sensor on an iPhone to power Apple Pay. But such 'static' biometrics is last year's tech…

What is static biometrics?

It's all fingers, faces, eyes and even ears, with the theory going that while a credit card number, a password or a PIN number can be stolen, something unique to your body cannot.

Nobody is going to steal your face (although it does change over time, reducing accuracy), but like all static biometrics, there are serious shortcomings. For starters, fingerprint sensors and face recognition tech only tends to be on high-end smartphones, such as the latest iPhone and Samsung Galaxy S devices. Such phones are popular in certain markets, but they're certainly not ubiquitous, and the biometric systems themselves use proprietary technology that limits their use.

Static biometrics relies too much on hardware for mass adoption

Static biometrics relies too much on hardware for mass adoption

As well as requiring significant hardware, static – also known as physical – biometrics don't offer ongoing security. You face or finger might get you into your phone to do a spot of internet banking, but is it still you using the handset five minutes later? The banks need constant reassurance of your identification, which is why they're turning to a new technology that monitors the way you use your phone, whatever the model. This is behavioural biometrics, and it's devastatingly simple.

What is behavioural biometrics?

The search is on to find a uniquely identifying characteristic not of what you are, but of what you do. An example is gait – analyse someone's walking style and you can easily determine their identity. However, that's not going to work on a smartphone. The next example is rather ironic; a person's signature – once the only security layer in banking – can be analysed since exact handwriting style is unique to everyone. It's possible that devices could soon analyse the speed, style and exact position on the screen of how you sign your name, probably using a stylus.

Your analysed behaviour could soon become a security key

Your analysed behaviour could soon become a security key

However, it's the recognition and analysis of something all of us do all the time on our smart devices that is quickly gaining traction as a new way of establishing identity. Some banks are turning to typing recognition on smartphones as an extra layer of security against fraud, and Google is showing an interest, too.