Behavioral-biometric solutions are lower-friction, more difficult to fool, are more privacy-safe, and are capable of continuous authentication. While methods for defeating many traditional biometric solutions have been widely demonstrated, behavioral-biometric solutions are much less susceptible to defeat. This is because behavioral-biometric solutions evaluate user characteristics on an ongoing basis, over time—meaning that attackers must not just “get it right” for a momentary scan, but in fact must accurately sustain an impersonation through a very large number of computing cycles, which is prohibitively difficult to do.¶Just as importantly, behavioral-biometric solutions do not overlap in the same way with law enforcement and other forms of attribution activity. Users and regulators are rightly concerned with the widespread use of fingerprint and facial data, which can be used to identity users in the real world. The data analyzed by Plurilock’s behavioral-biometric solutions, on the other hand, cannot be used to reconstruct a user's real-world identity even if somehow obtained.¶As compared to traditional biometric solutions, behavioral-biometric solutions do not require an additional “step” during authentication workflows. Instead, they observe the user silently, in the background, to confirm identity, eliminating the need for an often awkward and error-prone “scan step” that often requires dedicated hardware to complete.¶Finally, because they rely on analyzing patterns in user behavior over time, behavioral-biometric solutions provide continuous authentication capability—they can confirm a user's identity continuously, in the background, throughout the workday—as users carry out their regular work. This is not possible with traditional biometric checks, which require the user to pause what they are doing and present a body part for measurement whenever identity is to be checked.
Stay informed. Join our low-volume list for news and updates.
Plurilock is the leader in advanced, risk-based authentication. We provide invisible, device-free MFA for corporate endpoints, Citrix sessions, cloud applications, and their users in finance, healthcare, education, and SaaS.