Phish-resistant: Biometrics
What are biometrics?
Biometrics, when used in an authentication flow, refer to the use of an individual's unique physical traits to verify their identity. Commonly used biometrics include fingerprints and facial recognition.
Why are biometrics considered phish-resistant?
Biometrics are considered phish-resistant because they are unique to each individual and difficult to replicate.
Additionally, biometrics are often local to a user's device (smartphone, laptop) and stored in a secure enclave, which prevents them from being shared or exposed elsewhere.
Should my organization implement biometrics?
Yes. Biometrics are available on most modern devices and generally offer a frictionless experience.
Biometrics should be incorporated as a component of a multi-factor authentication system and complemented by other phish-resistant factors.
However, if implementation challenges arise due to technical constraints, user adoption, or unavailability of biometric options, it's crucial to fall back to alternative MFA methods that are also phish-resistant or tamper-proof.
Beyond Identity's phish-resistant MFA uses biometrics along with hardware-backed cryptographic keys to provide the highest level of MFA security and authentication.