Udemy logo

define biometricsAuthenticated access to a system or facility has always been about determining the probability that the person attempting to gain access is who they claim to be. Traditionally – and this goes back long before computer systems were even dreamed off – authentication was proven on the strength of a shared secret or password. Sentries or custodians would issue a challenge in the form of “what’s the password?” Even today, it’s the most popular and widely accepted form of authenticating a user on computer systems. Today, security technology wants to know more. They want to know who you are rather than just requiring a password.

Learn biometrics and computer security with a class at Udemy.com.

Passwords by their very nature are a problem when positively authenticating a person. This is because passwords are a shared secret between the user and system. This, of course, relies on the fact that it is actually a secret to start with, and that it is something that only you are likely to know. This is where passwords are flawed. Passwords must be remembered, which means users create passwords that are easily recalled. For everyday use on a family computer, this is sufficient. However, it’s not the strongest method on a company’s secure server. System administrators enforce a strong password policy, but that does not address a major weakness, which is that a password is simply something that the person knows.

High security systems and facilities do not just rely on “something you know.”  They combine this question with a card or token that the access control system uses in conjunction with a password or PIN to provide another layer of security. This is termed two-part authentication, as the security is now based on “something you know” and “something you have.” This authentication method is preferred by banks when a customer uses a bank’s ATM service. The customer uses an ATM card (“something you have”) and then the system challenges the card customer’s identity with a PIN or “something you know.” Of course, for this to be true, two-part authentication and the PIN must never be stored on the card, whether encrypted or not. There must be no possibility that one part can be derived from the other.

Two-part authentication is a big step forward in securing a computer system or facility, as it requires someone who is fraudulently attempting to gain access to have both a physical item and a secret. It has worked well for banks for decades with measurable success. Customers have accepted the system and embraced ATM services and on-line banking, even though the bank has actually transferred its responsibility for security onto the customer. The bank unambiguously states that it is the customer’s responsibility to keep an ATM card safe and the PIN secret. This is because, as secure as two-part authentication is, it is not actually secure enough. This is where biometrics comes into the picture.

Want to learn more about biometrics? Learn more at Udemy.com.

In the era before ATMs became commonplace, most people did personal banking through a local high street branch of the bank, which issued and held the customer’s account. The bank relied then on a signature and an item of picture identification such as a passport or drivers license. If it was the customer’s local branch, then cash withdrawals could still take place even if the customer had no identification. This was possible through natural biometrics — the staff recognized the customer. This trumped the requirement for further identification, because personal recognition convinced the bank teller that the customer was who he claimed to be. This is the purpose of biometric systems — to recognize the person present and to determine with high probability that they are who they claim to be.

Biometric Factors

For any biometric security system to be fit a purpose, it has to have certain characteristics:

 

Types of Biometric Systems

Fingerprint and facial recognition are the most commonly used and accepted forms of biometrics in use today. This is because they are non-intrusive and provide all categories of biometric characteristics.

Dive deeper into the topic of biometrics with a course at Udemy.com.

 

Page Last Updated: April 2014

Top courses in Cybersecurity

Cybersecurity students also learn

Empower your team. Lead the industry.

Get a subscription to a library of online courses and digital learning tools for your organization with Udemy Business.

Request a demo