Are humans destined to be the “Weak Link” in cybersecurity?
Security professionals often lament the “human element.” They usually cite human fallibility as one of the reasons our systems are not secure. As humans, we are not good at coming up with or keeping track of passwords. We don’t follow security guidelines. We are easily fooled by phishing or social engineering. We often act in ways that leave systems vulnerable.
It is time to flip this attitude around. Yes, humans are not machines. We are wonderfully flawed, and unique: a combination of nature and nurture, a product of our experience and circumstance, all woven together with the human spirit to form the tapestry of who we are. All of these little imperfections are not “bugs” to be fixed, but form the core of our humanity.
Enter motion-based behavioral biometrics:
One Small Step for Man, One Giant Leap for Authentication
In August, UnifyID released a new API called GaitAuth™ which can authenticate a person based on the motion associated with their gait – the way they walk – completely passively and at a high level of accuracy. It is able to return an authentication result after only a few steps of carrying your phone. This allows you to authenticate a user using one of the most natural human actions: walking.
You may wonder how unique someone’s gait truly is. Your gait is a product of your unique physiology and years of muscle memory. And unlike static biometrics like fingerprint or facial recognition, it is dynamic and constantly changing, and it is hard for others to spoof and steal. We’ve tested our models using anonymized data from millions of mobile phones and found the accuracy of gait-based authentication can rival other biometrics like fingerprint, iris, or face. Gait also has the benefit that it continues to work even if the user is wearing a face mask or gloves.
GaitAuth is the culmination of almost four years of research and development into motion-based behavioral biometrics from the UnifyID team to bring a solution that is highly accurate, efficient, robust, and secure.
How does it work?
UnifyID GaitAuth SDK leverages the readings of the motion sensors in the smartphone to identify a user’s movements. Since each individual moves in a unique way, these sensor readings can help us uniquely identify a person based on the way they move and walk.
Motion-based behavioral biometrics use cases
Because GaitAuth can run passively in the background, it is useful in a wide variety of situations:
- Continuous Authentication: You can detect if a device changes possession within a handful of steps and deauthenticate the user. The user also does not need to be walking to authenticate. Because GaitAuth runs passively in the background, you can also use historical information about the last time they were walking and whether the phone has left their possession since that time.
- Cross-Device Authentication: Automatically unlock your computer when you approach your desk or touchless access to ATMs, kiosks, or point terminals. You can leverage the passive GaitAuth biometric signal from the phone to authenticate to other devices, without having to take out your phone.
- Restricted Access: motion-based behavioral biometrics are a great fit for situations where workers have access to sensitive data, but are on the move and need to authenticate often, such as medical workers, airport personnel, or flight attendants. This is especially true if workers may be wearing masks or gloves, as face or fingerprint recognition may be impractical.
- Opening Doors: By using GaitAuth, a user can walk up to a door with their phone and have the door unlock automatically. If someone steals their phone, their gait signature will not match and they cannot unlock the door.