Multifactor authentication is increasingly used and recommended by organizations to strengthen the security of authenticating people and protecting data. By requiring more than one method of user identification, the multifactor authentication becomes a more secure and effective alternative to fraud.
In practice, however, the process ends up being limited to identification by what the user knows (passwords, security questions) and what the user has (mobile phone, email). This method may prove inadequate for critical data. For example, if someone gains access to your mobile phone, they will most likely have one of your authentication factors and access to password recovery for multiple accounts (including banks).
With this in mind, it is important to consider a third means of identification: the user's biometrics. Biometric identification is harder to spoof, and when used with multifactor authentication, it strengthens security.
In this article, you'll learn how to implement multifactor authentication with biometrics using BioPass ID's Multibiometrics package.
Benefits of using Multibiometrics for multifactor authentication
The Multibiometrics API package allows you to build multifactor authentication using more than one biometric option. By using it in your application, you can enjoy the following benefits:
- Easy to use: the package summarizes all the implementation details, exposing only what is necessary to the user.
- Device independence: the Rest API can be implemented on any device that has Internet access.
- Efficiency: our 3-second Service Level Agreement (SLA) to perform operations allows for smooth biometric authentication without impacting the end-user experience.
Multibiometrics: Multiple Functionalities in a Single API Package
Multibiometrics is a Rest API that provides a set of operations for building applications with biometric authentication. The solution is simple and easy to implement, requires minimal knowledge of biometrics on the client's part, and allows implementation at a low cost, in less time and with less effort.
Multibiometrics currently supports two types of biometrics: face and fingerprint. The system provides all the necessary infrastructure to manage the registration, storage, and authentication of identities. This includes the registration, deletion, updating and verification of individuals' biometric data.
Multibiometrics offers many features, including:
- Face recognition.
- Face Anonymization.
- Extraction of biometric features.
- Biometric image comparison.
- Fingerprint image compression and decompression.
- Face fraud detection.
The platform also provides the entire biometric database infrastructure without additional cost. Customers can also choose to implement their own infrastructure.
How to apply multifactor authentication with multibiometric authentication?
Now that you know about multibiometrics, it's time to learn. You can use the BioPass ID documentation to implement the package operation requests.
Follow the step-by-step instructions to apply multifactor authentication with multibiometrics:
- Obtain access to the Multibiometrics Package
To access and use the Multibiometrics Package operations, you must create an account in the BioPass ID system and generate an application key. This key will be used for all Multibiometrics operations. You can find the step-by-step process for obtaining it in the first section of the article 4 Steps for Integrating a Biometric API into BioPass ID.
- Implement multibiometric operations
2.1 Get to know the Multibiometrics documentation
The documentation for the Multibiometrics package is available at this link. In the file, you will find a description of the operations already performed, as well as the information needed to use it:
On the right side of the documentation, you can see a practical example of how to implement each operation in a programming language. The programming language and the associated library can be set in the Language section at the top left of the tab:
The headers required to make the request and the input and output data structures are also provided in the documentation:
Please note that the fields marked with double curly brackets will have to be replaced by the programmer.
2.2 Generating the code and filling in the entries
The input and output structures described in the package documentation are encoded in JSON format. It is therefore possible to automatically convert them to a programming language using an online conversion tool such as JSON2CSharp. This tool can convert to C#, Java, Dart, and Python.
With the input and output classes in hand, attention must be paid to communication with the Multibiometrics endpoints. This process is done using strings. Therefore, the input and output objects must be serialized and deserialized, respectively, transforming them into JSON strings (serialization) and objects (deserialization).
In this way, all that remains is to make the necessary adaptations in the codes provided in the documentation to include the input duly filled, with images encoded in base64 string according to the guidelines in the documentation, and with the access key associated with the Ocp-Apim-Subscription-Key header.
- Integrating Multibiometrics with Multifactor Authentication
To implement the process of biometric multifactor authentication with multibiometrics, the application must be able to meet the following requirements:
- Register, modify, and delete an individual's biometric information.
- Verify if a biometric image belongs to a specific individual.
- Prevent fraud attempts.
- Capture the individual's face and/or fingerprint biometrics.
To meet the first two requirements, simply use Multibiometrics' CRUD operations: register, delete, update, and verify. To use them, assign an identifier to the registered individual and enter the biometric images when necessary.
It is worth noting that it is possible to choose the type of biometric to be registered and verified. Depending on the business rule, only facial biometrics may be required for registration/verification. Alternatively, fingerprint biometrics can be verified, or even both if a higher level of security is desired.
It is important to be aware of the risk of attempted fraud in this process. While it is difficult to obtain fingerprint images of a specific person, it is relatively easy to obtain facial images from photographs.
To prevent identity theft, it is advisable to use the 2D liveness operation in addition to the CRUD operations. This operation verifies that the face capture is legitimate and detects any fraudulent acts.
It should also be noted that for the process to work optimally, the photo analyzed by Liveness 2D must be the same one used in the registration, update, and verification operations. Another important point regarding the implementation of the process is the protection of the access key. It is necessary to avoid direct requests to Multibiometrics in the same application that the user is using.
Finally, we need to discuss a fundamental issue: the collection of an individual's biometrics. For biometric analysis to work properly, it is necessary to ensure that the biometrics are captured at a minimum acceptable quality. In addition, fingerprint capture is highly dependent on the equipment used. For this reason, different implementations are recommended for different sensors.
However, the importance of the BioPass ID capture SDKs stands out. The solution is designed to support the use of the multibiometrics package and provide a customized, user-friendly interface. For more information about the Face Capture SDK, see the Face SDK article. As for fingerprint capture, you can visit the official Fingerprint SDK page, which provides technology for capturing fingerprints from a mobile phone camera.
Multibiometric Technology for More Accurate and Fraud-Free Authentications
In this article, we explained how multibiometric analysis can be included in the multifactor authentication process to increase the security of applications using the BioPass ID multibiometric technology. Additionally, we described how to implement multibiometric operations and what operations must be performed for the process to operate properly. To wrap things up, we introduced two products that help with the biometrics capture process, a requirement for using the Multibiometrics package.
If you have any questions, please check the FAQ on our support page and contact our team via chat.
