Biometrics and Token-Based Authentication
Explore fingerprint, retina, and behavioral biometrics alongside hardware tokens (TOTP, FIDO2/WebAuthn) and their strengths and weaknesses.
Biometrics: Authentication You Are
Biometric authentication verifies identity based on unique physical or behavioral characteristics — 'something you are.' Unlike passwords, biometrics cannot be forgotten, shared easily, or lost. However, they also cannot be changed if compromised: you cannot get a new fingerprint. Biometric systems measure and compare a biological or behavioral trait against an enrolled template stored during setup. The quality of a biometric system is measured by its error rates and the security of how templates are stored. Biometrics are most powerful when combined with another factor (e.g., fingerprint + PIN).
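The threshold tradeoff behind the error rates mentioned above, as an added illustration that is not part of the original lesson: a matcher scores a fresh sample against the enrolled template, and the accept threshold trades false accepts (impostors let in) against false rejects (legitimate users turned away). The scores are constructed sample values, not output of any real sensor.

```python
"""Biometric accept-threshold tradeoff: false accept rate vs. false reject rate.

The verifier accepts a sample when its similarity score to the enrolled
template is at or above a threshold. Raising the threshold lowers FAR but
raises FRR; the equal error rate (EER) is the usual single-number summary.
"""

# Constructed similarity scores in [0, 1]. Genuine = same person as the
# template, impostor = different person. Overlap is deliberate: no threshold
# separates them perfectly, which is why error rates matter.
GENUINE_SCORES = [0.92, 0.88, 0.95, 0.81, 0.77, 0.90, 0.85, 0.69, 0.93, 0.83]
IMPOSTOR_SCORES = [0.31, 0.45, 0.52, 0.61, 0.38, 0.72, 0.49, 0.66, 0.28, 0.74]


def accept(score, threshold):
    """Decision rule used by the verifier: accept only at or above threshold."""
    return score >= threshold


def error_rates(threshold, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Return (FAR, FRR) at a threshold.

    FAR = fraction of impostor attempts wrongly accepted.
    FRR = fraction of genuine attempts wrongly rejected.
    """
    far = sum(1 for s in impostor if accept(s, threshold)) / len(impostor)
    frr = sum(1 for s in genuine if not accept(s, threshold)) / len(genuine)
    return far, frr


def equal_error_threshold(genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES, steps=100):
    """Sweep thresholds 0..1 and return (threshold, FAR, FRR) where FAR and FRR
    are closest; ties keep the lowest threshold. A lower EER means the genuine
    and impostor score distributions overlap less, i.e. a better matcher."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        far, frr = error_rates(t, genuine, impostor)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, far, frr)
    return best[1], best[2], best[3]


if __name__ == "__main__":
    for t in (0.5, 0.7, 0.8):
        far, frr = error_rates(t)
        print(f"threshold={t:.2f}  FAR={far:.2f}  FRR={frr:.2f}")
    t, far, frr = equal_error_threshold()
    print(f"EER point: threshold={t:.2f}  FAR={far:.2f}  FRR={frr:.2f}")
```

Which side of the EER point a deployment should sit on depends on the use case: a phone unlock tolerates more false accepts than a border-control gate, which would rather reject a genuine traveller and fall back to a second factor.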
Physiological Biometrics
Physiological biometrics are based on physical characteristics of the body. Key types include:
- Fingerprint: the most widely deployed, due to low cost and user acceptance; used in phones, access control, and border security.
- Retinal scan: scans the blood vessel pattern on the back of the eye; very accurate and hard to spoof, but requires close contact with the reader.
- Iris scan: scans the patterns in the colored part of the eye; can be done from a greater distance, and is used in airports.
- Facial recognition: analyzes facial geometry from a camera; increasingly accurate, but can be affected by lighting, aging, and disguises.
- Hand geometry: measures hand shape and finger length.