Some authentication systems employ a third factor—“what you are.” Implementation of this third factor typically involves use of biometrics (e.g., voiceprints, fingerprints, iris patterns, retinal patterns, DNA).1 The use of biometrics for authentication is based on the presumption that each individual has certain biological characteristics that permit unique identification of that individual.
While the use of biometrics is generally believed to offer a high level of security, the security provided by any given biometric measure may depend in part on how the measure is implemented, which may, in turn, raise issues of user convenience. Thus, for example, there is an error-rate tradeoff associated with biometric authentication, under which an increase in security is “almost universally” correlated to an increase in the false rejection rate—that is, the percentage of legitimate users who are not permitted to access the system.2
Back