Biometric Authentication
What is Biometric Authentication?
Biometric AuthenticationAn authentication method that verifies identity based on unique physical or physiological traits such as fingerprints, faces, irises, or voice patterns.
Biometric authentication uses measurable biological characteristics to confirm that a user is who they claim to be. A capture device (sensor or camera) extracts features from the trait and compares them against a stored template, either on-device (in a secure enclave) or against a server-side database. Common modalities include fingerprint, face, iris, palm vein, and voice recognition. Biometrics offer strong usability and resist password reuse, but they raise privacy concerns because traits cannot be revoked if leaked, and presentation attacks (spoofed fingerprints, deepfakes) require liveness detection. They are typically combined with another factor in MFA flows for high-assurance scenarios.
● Examples
- 01
Apple Face ID unlocking an iPhone via a secure enclave-stored face template.
- 02
A bank app using fingerprint authentication on Android to authorize a payment.
● Frequently asked questions
What is Biometric Authentication?
An authentication method that verifies identity based on unique physical or physiological traits such as fingerprints, faces, irises, or voice patterns. It belongs to the Identity & Access category of cybersecurity.
What does Biometric Authentication mean?
An authentication method that verifies identity based on unique physical or physiological traits such as fingerprints, faces, irises, or voice patterns.
How do you defend against Biometric Authentication?
Defences for Biometric Authentication typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Biometric Authentication?
Common alternative names include: Biometrics, Biometric login.