Challenges of continuous authentication (3/3): Human nature
Today we will learn about the?two other factors that can cause problems in a biometric authentication system.?
The amount of data
One phrase you will never hear from a data scientist is: “Too much data”. Just like a 4-digit PIN is less secure than a 16-character “strong password”,?the size of a biometric data sample?used in training a continuous authentication system, and also when performing each verification,?have a huge effect on the accuracy.
It’s important to have data from as many different individuals as possible and as much data from each person as possible during the training of the system.?The other crucial factor is the length of the movement samples that you can evaluate when making your authentication decisions.
The longer the algorithm is allowed to learn the unique characteristics of a person’s cursor movement dynamics, and the longer the sample used for authenticating, the better the results.?
For example, in the latest test performed by Cursor Insight, we had 500 minutes of cursor movement from each test participant to train our model and used 30 seconds of movement data to perform a “continuous” evaluation with the trained model. Reducing the data collection time by just 40% resulted in a 68% drop in accuracy.
The variable nature of continuously observable biometrics
The third and most important group of factors (the first two being data quality and data quantity) is the variable nature of continuously observable biometrics, such as cursor movement patterns.
Even if there is enough data and the data noise is kept to a minimum,?there are countless unpredictable factors that are inherent to humans producing the movement data, such as:
This image shows the result of a real experiment with spiders making webs under the influence of different drugs. We didn’t do this experiment, but we think it illustrates the point very well.
And this was just a shortlist of the factors that influence cursor movement. It seems almost unfair having to factor in all these parameters.
The longer the training period, the more of the variability of a person’s movement is included in the data.?Adaptive algorithms help cope with slow, gradual movement pattern changes over someone’s life.?These changes are similar to how signatures might change as years pass or medical conditions develop.
Having worked with movement-based biometric authentication for over a decade, we see continuous authentication on the rise, partly because?technologies can be layered on top of each other, and they mix well with possession and knowledge-based multi-factor methods.?
One clear benefit?of implementing continuous authentication?is extending user identification?from a single-point-in-time of a login?to the whole duration of a user session, providing better protection against remote or physical account takeover. It may also protect critical and information-sensitive applications that normally don’t require a separate login, like a desktop email application.?
Continuous authentication offers a?seamless user experience by running in the background.?Performing password-based and multi-factor authentications several times during a workday can interrupt focused work and can accumulate to significant unproductive time. So replacing some one-off verifications with invisible, non-intrusive continuous authentication can also improve HR metrics.?
We found cursor movement-based biometric authentication on desktops to be the most appropriate?continuous authentication method in most cases. Virtually all computers are used with a pointing device, so?the availability of the data is ensured without any additional hardware.
Furthermore,?users move the cursor?for almost 7 hours during a workweek, about?4.5 times more than how much they type on the keyboard?[Taylor, 2007], so there is enough data generated to train biometric profiles and also to authenticate the users within a reasonable time and without extra user interaction.
Graboxy Sentinel?is a convenient?AI-based?cybersecurity solution that uses movement biometrics. Our?passive authentication tool?identifies the person?during the whole user session, without requiring additional actions from them, so the?user experience remains frictionless.?
Graboxy Sentinel?analyzes the user’s cursor movements, which are just as individual as a fingerprint, to create identity profiles.?If the real-time cursor movement analysis shows a divergence from the user’s biometric profile, Graboxy Sentinel flags the fraudulent user accessing the account.?Flagged users can be locked out or re-verified using traditional multi-factor authentication methods.
Continuous authentication tools, such as Graboxy Sentinel, help you protect yourself and your company from the consequences of account takeover attacks.
Conclusion
Understanding the factors impacting biometric authentication systems is crucial. Data quantity and quality, as well as the variable nature of biometrics, play significant roles. Longer training periods and diverse data improve accuracy, while unpredictable factors like body position and mood affect biometric patterns.
Continuous authentication offers benefits like extended user identification, protection against account takeover, and improved productivity. Cursor movement-based biometrics prove effective, utilizing existing pointing devices and generating abundant data.
Graboxy Sentinel, an AI-based solution, analyzes cursor movements for continuous authentication. It detects fraud in real-time and offers seamless user experience. Safeguard yourself and your company with Graboxy Sentinel.