Behavioral Biometrics is the science and technology behind using observations of how someone does things (behavior) to verify and validate their identity. Its history goes all the way back to WWII where my grandfather, Major Robert Steele, served in the Army Signal Corps. Axis telegraph operators communicated heavily encrypted messages to each other in Morse Code that their Allied counterparts couldn’t decrypt. However, the Allies could hear the encrypted transmission and knew generally where they were coming from. Allied operators realized they could recognize the unique keying patterns of each Axis operator (known as the operator’s “Fist”). By linking the operator to their unit or a high-ranking official, the Allies were able to predict Axis troop movements and strategy.
My grandfather’s telegraph key that has stayed in the family for over 70 years.
In the age of digital security, Behavioral Biometrics were forgotten outside of academia, reappearing in the last 7 or 8 years, but with a powerful message. Behavioral Biometrics are different from other forms of authentication, because they’re invisible to the user. It’s about looking at how they’re doing their daily activities (i.e. listening for a Fist), and can therefore be used continuously. The promise is that they can turn the paradigm of authentication on its head, making it an automated software process rather than needing significant human effort.
Recent financial news has cemented Behavioral Biometrics as a cornerstone of modern identity security. BioCatch announced that they have raised a $145M in funding led by Bain Capital. This puts them on track to be the first Behavioral Biometrics unicorn. Their focus has been using Behavioral Biometrics to combat fraud in consumer-facing finance applications, which is the beachhead for Behavioral Biometrics in Enterprise. They’re not alone. Close behind them is BehavioSec which has raised $25M to date in funding and TypingDNA with $7M in growth funding this year from Gradient, Google’s strategic investment arm. MasterCard previously acquired Behavioral biometrics provider NuData for an undisclosed amount, rumored to be in the 9-figures. There is a marked shift from the early days of Behavioral Biometrics, where every customer conversation began with an explanation of how behavior could be used for identity, to a maturity where customers and vendors understand the value and adopt services.
Behavioral Biometrics has cemented its beachhead in anti-fraud and its place in the Identity and Access Management (IAM) stack and is now moving towards realizing the full potential of its promise: invisible, continuous authentication. This requires a shift in technology, away from recognizing aspects of behavioral “Fists” that correspond to fraudulent use, and back to the basics of profiling and matching a “Fist” to each individual user. The promise is that Behavioral Biometrics will serve as the backbone of a new, continuous authentication that removes the user from the identity security flow.
At TWOSENSE.AI, we’re following in the footsteps of my grandfather, applying Behavioral Biometrics for continuous authentication, starting in the workplace, for the workforce. Our software integrates by layering on top of existing Single Sign-On (SSO) and Multi-factor Authentication (MFA) software, learning to recognize the behavioral “Fist” of each user. The continuous authentication responds to MFA challenges on the user’s behalf in the background, creating a far better user experience, and continuously protects every action the user executes with Behavioral Biometrics, for true Zero Trust security.
The maturity of Behavioral Biometrics and continuous authentication are bringing us into the new age, where authentication and identity security will no longer be the responsibility of the user. This will create a more secure workforce; all with less user effort and reduced room for human error.Hello world!