Challenge-response available to guard against video attacks

  • Monday, September 12, 2016
  • Tanya Graw

BioID challenge-response uses motion detection to verify that the head is turned in a randomly specfied direction.

One of the challenges in biometrics is to protect against so-called replay attacks, where a person's biometrics are copied or recorded and presented by an impostor to mimic the real thing. From the start, we included our unique patented liveness detection to protect against such attacks using photos of a legitimate user. Now you can have even stronger protection from impostors attempting to access another person's account using videos of that person. With challenge-response, during verification users are guided to turn their head in specified random directions. Motion analysis verifies that the instructions were followed. In this way, we ensure that the verification images captured are from a live person and not a photo or video.

This option can be enabled in your BioID account profile settings, and is available for verification through BioID websites as well as in the latest version of the BioID Face Recognition Authenticator for iOS.

Read More

Multi-factor authentication available to secure your BioID account

Knowledge factor: something you know, e.g. passwordInherence factor: something you are, biometricsPossession factor: something you have, e.g. security code from mobile device or email

For additional protection you can now protect your BioID account with multi-factor authentication! It's easy and flexible, simply log in using any two factors: biometrics, password or a one-time security code delivered via TOTP authenticator app, SMS text message or email. You can even have BioID remember trusted devices and browsers so that multi-factor is only required when the device/browser is not recognized.

This also provides a secure fall-back: in case you forget your password, for instance, you can still log in with biometrics and security code.

Read More

Multifactor authentication with mobile biometrics

Passwords scribbled on a laptop keyboard.

User authentication is the process of verifying a user's identity in order to grant access to data and services. Traditional authentication relies on passwords, but it is all too clear that this is no longer an acceptable solution. On the one hand, advances in technology have made it much easier to crack even a difficult password. On the other hand, the sheer number of accounts that an individual must manage has grown to the point where most people cannot remember a different long and complex password for each account. For instance:

A better solution is needed that provides greater security while making it easier on legitimate users to access their accounts.

Read More

Selecting a biometric security vendor: why authentication expertise matters

Biometric samples in law enforcement are often very poor quality compared to samples in biometric security authentication.

The majority of biometrics vendors today concentrate on law enforcement, surveillance and forensic applications. Is such a vendor the best choice when it comes to authentication applications, such as virtual and physical access control or transaction authorization? To answer that question, we need to understand what these applications have in common and how they differ.

All of these applications share some characteristics. They all need capture of biometric information in order to compare it with information from one or more previously captured samples. They all are typically implemented in large scale with high performance requirements. And they all require a fair degree of accuracy. However, there are some very important differences between the two groups of applications.

Read More

Guarding against biometric fraud with liveness detection

One of the top advantages of biometric authentication is that, unlike a password or token, the credentials can't be stolen. However, they can be copied. In the case of face recognition it is easy for a determined attacker to get a photo or video of their victim, either in person or through social media, and use it to attempt fraud in the form of a "replay attack". In order to ensure that biometric traits are presented by a live person and not a photo or recording, even in unsupervised authentication applications such as online login or mobile payments, several techniques for face liveness detection have been developed. However, some are more effective than others. 

Read More