Security is hard. Using the same password for everything is easy.
Over the years, we’ve made it easier for users to do the right thing, from email-based verification to one-time passwords via email and security tokens. But nearly all these solutions require you to have your mobile phone or security device with you. And if you’re overseas, you might have additional problems.
Could biometric authentication help ease the problem? There are some options already that you can implement in web applications today. But what are the implications, and are they truly biometric authentication?
In this talk, we will
- review the three primary factors of authentication;
- learn that not all authentication mechanisms fall squarely into one of these factors; and
- discuss the difference between identification and authentication, and how various combinations might not provide adequate confidence of a user’s identity.
Time permitting, we’ll look at some live demos of biometric authentication for web applications.
Biometric security - it’s hard to leave home without it.