
Biometric Authentication

Why it matters: Usernames and passwords aren't secure enough for today's digital world—because anyone who gets ahold of them can use them. The same can't be said for bodies.
Percentage of data breaches that still involve stolen username-password credentials. Biometric authentication prevents this risk.

Key Points

  • Biometric authentication, once the stuff of science fiction, is a mainstay of cybersecurity today
  • Biometric authentication identifies users by measuring something about their body
  • Not by merely checking to see if they know something secret
  • Because bodies are a lot harder to accidentally reveal, share, or reuse than a secret
  • If you or your organization aren't using biometric authentication, you're at risk

Today, hardware for biometric authentication is already "deployed" in the form of everyday mobile devices; companies just need to select providers that can make use of them.

Quick Read

We are finally in the age of biometric authentication after decades of entrenched username-password dominance.

This is important because, as we've long known, username-password combinations are difficult to manage, difficult to remember, and yet painfully easy to intentionally share, accidentally reveal, or for a malicious actor to use immediately if discovered.

Though biometric authentication once required specialized hardware so expensive that only large enterprises could invest in it, today biometric authentication hardware is everywhere. Most individuals have at least two forms of biometric authentication—fingerprint and face identification—with them at all times via their mobile phones.

Organizations may not realize, however, that these forms of authentication can be used for company security and authentication as well—not just personal security between user and phone. The FIDO2 standard, increasingly supported across the cloud universe, enables companies to leverage the biometrics on users' phones for company authentication, in addition to or in place of passwords.

Also not yet commonly known are behavioral-biometric forms of biometric authentication. These work by observing users' movement patterns as they do the things they would be doing anyway (such as their daily work), rather than requiring the user to take a concrete step like placing a finger on a fingerprint scanner.

This is important because it is a biometric-strong form of passive authentication—authentication that can happen without the user's knowledge, which makes true continuous authentication possible. With continuous behavioral-biometric authentication, a user's identity is continuously checked at all times, whenever they are (for example) typing or moving their mouse.

Organizations that haven't yet transitioned to biometric authentication via FIDO2, continuous authentication via behavioral biometrics—or both—should seriously consider doing so, as these significantly reduce the risk of account theft and unauthorized access, and can also go a long way toward reducing cyber insurance premiums.


—Aron Hsiao


More to Know


It's Easy to Deploy Today

While biometric authentication was once a specialized technology that was difficult to deploy, today it's easy. Adopting an SSO platform that supports FIDO2 enables you to leverage employee mobile devices and their biometric scanners for passwordless logins.


An Ounce of Prevention

Biometric authentication, while not unbreakable, is more secure than username-password authentication, the leading cause of data breaches. If you're using TOTP, you're already leveraging employee mobiles—so it's a small hop to biometrics.


True Continuous Authentication

True continuous authentication solutions like Plurilock DEFEND add more security, enabling you to biometrically confirm identity all day, as users work. Even if an already-logged-in device is stolen, the thief can't use it, and even with both people in the room, accounts can't be shared amongst users.

Quick Definition

Biometrics is an identity verification strategy and matching set of technologies that authenticate users based on measured physiological attributes, such as the spacing of ridges on a finger, facial features, or the sequence of base pairs in a DNA sample. In cybersecurity, scans of fingerprints, faces, or retinas are the most commonly used biometric technologies.

Biometric usage remains controversial in cybersecurity circles because static physical features are relatively easy for determined attackers to recreate, and because stolen biometric data has significant privacy implications. Many consider behavioral biometrics to be a considerably improved successor to traditional biometrics, given its increased resistance to impersonation and significantly reduced vulnerability to privacy concerns.
