“Businesses are rapidly adopting biometric authentication marketing as it serves a dual purpose: enhancing security and providing a customized marketing experience.”
But does it pay? Yes.
“By integrating fingerprint recognition technology, a retail company optimized its app experience, leading to a 20% increase in online sales. In another case, a banking institution used facial recognition for secure and quick authentication, resulting in a customer service rating boost of 25%.”
There are ways other than biometrics to know who your prospects are, but knowledge based authentication (KBA) such as passwords has its weaknesses. With KBA you may not be interacting with your prospects, but with your prospect’s spouse or child.
JOE’S ALCOHOL EMPORIUM: Evelyn, what types of alcohol do you prefer?
EVELYN’S TEENAGE SON WHO KNOWS HER PASSWORD IS HIS BIRTHDATE: 200 proof, man! Let’s get wasted!
Bredemarket has created targeted, segmented content, including individualized content. Let me help you communicate with your individual prospects. Talk to me.
An authentication factor is a discrete method of authenticating yourself. Each factor is a distinct category.
For example, authenticating with fingerprint biometrics and authenticating with facial image biometrics are both the same factor type, because they both involve “something you are.”
But how many factors are there?
Three factors of authentication
There are some people who argue that there are only really three authentication factors:
Something you know, such as a password, or a personal identification number (PIN), or your mother’s maiden name.
Something you have, such as a driver’s license, passport, or hardware or software token.
Something you are, such as the aforementioned fingerprint and facial image, plus others such as iris, voice, vein, DNA, and behavioral biometrics such as gait.
Somewhat you why, or a measure of intent and reasonableness.
For example, take a person with a particular password, ID card, biometric, action, and geolocation (the five factors). Sometimes this person may deserve access, sometimes they may not.
The person may deserve access if they are an employee and arrive at the location during working hours.
That same person may deserve access if they were fired and are returning a company computer. (But wouldn’t their ID card and biometric access have already been revoked if they were fired? Sometimes…sometimes not.)
That same person may NOT deserve access if they were fired and they’re heading straight for their former boss’ personal HR file.
Or maybe just five factors of authentication
Now not everyone agrees that this sixth factor of authentication is truly a factor. If “not everyone” means no one, and I’m the only person blabbering about it.
So while I still work on evangelizing the sixth factor, use the partially accepted notion that there are five factors.
“World Password Day occurs on the first Thursday in May each year. It’s a day dedicated to raising awareness about the importance of password security and promoting good password practices to enhance your online security.”
And even if you belong to the “passwords are dead” movement, you’d better celebrate anyway because passwords will remain longer than you think.
(With a special message at the end for facial recognition and cybersecurity marketing leaders)
Years ago, when I was in Mexico City on a business trip, one of my coworkers stated that he never uses biometrics to protect the data on his smartphone.
His rationale?
Government officials can compel you to use your biometrics to unlock your smartphone. They can’t compel you to provide your passcode to government officials.
Ironically, we both worked for a biometric company at the time.
But my former coworker isn’t the only one making this statement. With the recent protests, and with the recent searches of people crossing the U.S. border by plane or otherwise, this same advice is echoed everywhere.
ZDNET quotes law firm managing partner Ignacio Alvarez on passcodes:
“But the majority of the courts have found that being required by law enforcement to give your code to your devices violates your Fifth Amendment right against self-incrimination.”
Note what Alvarez said: the MAJORITY of the courts. So if you end up before the “wrong” court, you might have to provide your passcode anyway.
ZDNET also quotes attorney Joseph Rosenbaum:
“Passwords or passcodes, because they represent information contained in a person’s mind, seem to generally be considered the same as requiring someone to testify against themselves in court or in a deposition,” he told ZDNET. “That information is more likely to be legally protected under the Fifth Amendment as potentially self-incriminating.”
Notice his “seem to generally be” and “more likely to be” language. Again, you could still be compelled to give your passcode.
But that’s the easy part.
Biometrics: it’s complicated
But passcodes are the easy part. Biometrics are much more of a gray area.
The rationale behind not giving up your biometric is similar to the rationale behind the Miranda warning. As Dragnet fans know, “Anything you say can and will be used against you in a court of law.” Regarding passcodes, the courts…well, some of the courts, hold that since a passcode can be “spoken,” it’s covered under Miranda and therefore can’t be given without violating your Fifth Amendment rights.
What about biometrics? (Excluding voice biometrics for the moment.)
“…since a biometric isn’t spoken, production of that biometric may not legally qualify as the act of testifying against yourself and therefore, you can be compelled to unlock a phone or an app without necessarily having your rights violated.”
Again, note the use of the words “may not.” It isn’t clear here either.
And even these wishy-washy definitions may change.
“This area of law is a seriously moving target. Over time, things could favor passcodes being non-testimonial or biometrics being testimonial.”
In other words, a few years from now lawyers may advise you to use biometrics rather than passcodes to protect your private data on your smartphone.
Or maybe they’ll say both methods protect you equally.
Or maybe they’ll say neither method protects you, and your private data is no longer private.
But most likely they’ll say “It depends.” In the same way that our 18,000 law enforcement agencies have 18,000 different definitions of forensic science, they could have 18,000 different definitions of Miranda rights.
And one more thing…
Bredemarket has two openings!
The formal announcement is embargoed until Monday, but Bredemarket has TWO openings to act as your on-demand marketing muscle for facial recognition or cybersecurity:
Do you believe in intentional ignorance, stupidity, and idiocy?
Let me put it another way:
Do you believe in the “death of passwords”?
The rationale behind the decades-long death of passwords movement is that passwords do not provide 99.99999% security, therefore NO ONE should EVER EVER EVER use a password, or ANY other form of knowledge (PIN, first pet, what a traffic light looks like, college GPA, favorite RGB value).
I have a different view.
Knowledge CAN be part of a robust multi-factor identity verification or authentication solution.
Just like biometrics CAN be part of a robust multi-factor identity verification or authentication solution. Oh, you think biometrics should be the SOLE (geddit?) factor? I hate to break this to you, but biometrics do not provide 99.99999% security either.
And for the simpler use cases (such as garage sale money boxes), knowledge-based authentication such as a combination lock is a viable security system.
Don’t rely on passwords alone…
…but don’t completely ban them either. Knowledge ain’t dead.
When marketing your facial recognition product (or any product), you need to pay attention to your positioning and messaging. This includes developing the answers to why, how, and what questions. But your positioning and your resulting messaging are deeply influenced by the characteristics of your product.
If facial recognition is your only modality
There are hundreds of facial recognition products on the market that are used for identity verification, authentication, crime solving (but ONLY as an investigative lead), and other purposes.
Some of these solutions ONLY use face as a biometric modality. Others use additional biometric modalities.
Similarly, a face-only company will argue that facial recognition is a very fast, very secure, and completely frictionless method of verification and authentication. When opponents bring up the demonstrated spoofs against faces, you will argue that your iBeta-conformant presentation attack detection methodology guards against such spoofing attempts.
Of course, if you initially only offer a face solution and then offer a second biometric, you’ll have to rewrite all your material. “You know how we said that face is great? Well, face and gait are even greater!”
It seems that many of the people that are waiting the long-delayed death of the password think that biometrics is the magic solution that will completely replace passwords.
For this reason, your company might have decided to use biometrics as your sole factor of identity verification and authentication.
Or perhaps your company took a different approach, and believes that multiple factors—perhaps all five factors—are required to truly verify and/or authenticate an individual. Use some combination of biometrics, secure documents such as driver’s licenses, geolocation, “something you do” such as a particular swiping pattern, and even (horrors!) knowledge-based authentication such as passwords or PINs.
This naturally shapes your positioning and messaging.
The single factor companies will argue that their approach is very fast, very secure, and completely frictionless. (Sound familiar?) No need to drag out your passport or your key fob, or to turn off your VPN to accurately indicate your location. Biometrics does it all!
The multiple factor companies will argue that ANY single factor can be spoofed, but that it is much, much harder to spoof multiple factors at once. (Sound familiar?)
So position yourself however you need to position yourself. Again, be prepared to change if your single factor solution adopts a second factor.
A final thought
Every company has its own way of approaching a problem, and your company is no different. As you prepare to market your products, survey your product, your customers, and your prospects and choose the correct positioning (and messaging) for your own circumstances.
And if you need help with biometric positioning and messaging, feel free to contact the biometric product marketing expert, John E. Bredehoft. (Full-time employment opportunities via LinkedIn, consulting opportunities via Bredemarket.)
In the meantime, take care of yourself, and each other.
We’ve been talking about the death of the bicycle since the time of the Wright Brothers and Henry Ford.
But we still haven’t achieved it.
Wilbur Wright building a bicycle two centuries ago before he came to his senses. By Wright brothers – Library of Congress CALL NUMBER: LC-W85- 81 [P&P]REPRODUCTION NUMBER: LC-DIG-ppprs-00540 (digital file from original)LC-W851-81 (b&w film copy, Public Domain, https://commons.wikimedia.org/w/index.php?curid=2217030
What will it take to make the death of the bicycle a reality?
Why does the bicycle need to die?
I think that all intelligent people agree that the bicycle needs to die. But just to be extra-cautious, I will again enumerate the reasons why the death of the bicycle is absolutely necessary.
By Photo by Adam Coppola. – Photo by Adam Coppola taken under contract for PeopleForBikes, released into the public domain with the consent of the subjects.[1][2], CC0, https://commons.wikimedia.org/w/index.php?curid=46251073
The bicycle is too slow. Perhaps the bicycle was suitable for 19th century life, but today it’s an embarrassment. The speed of the bicycle has long been surpassed by automobiles from the aforementioned Ford, and airplanes from the aforementioned Wrights. It poses a danger as slow-moving bicycle traffic risks getting hit by faster-moving vehicles, unless extraordinary measures are undertaken to separate bicycles from normal traffic. For this reason alone the bicycle must die.
The bicycle is too weak. If that weren’t enough, take a look at the weakness of the bicycle and the huge threat from this weakness. You can completely destroy the bicycle and its rider with a simple puddle of oil, a nail, or a misplaced brick that a bicycle hits. This is yet another reason why the bicycle must die.
The bicycle is too inefficient. Other factors of transportation are much better equipped to carry loads of people and goods. The bicycle? Forget it. Any attempt to carry a reasonable load of goods on a bicycle is doomed to failure.
The bicycle is too easy to steal. It takes some effort to steal other factors of transportation, but it is pitifully easy to steal a bike, or part of a bike.
Despite everyone knowing about these security and personal threats for years if not decades, use of the bicycle continues to persist.
And we have to put a stop to it.
Why does the bicycle continue to live?
The problem is that a few wrongheaded individuals continue to promote bicycle use in a misguided way.
Some of them argue that bicycles provide health benefits that you can’t realize with other factors of transportation. Any so-called health benefits are completely erased by the damage that could happen when a bicycle rider ends up face down on the pavement.
Others argue that you can mitigate the problems with bicycles by requiring riders to change to a new bicycle every 90 days. This is also misguided, because even if you do this, the threats from bicycle use continue to occur from day one.
Make sure your bicycle has a wheel, spokes, seat, and drink holder, and don’t use any of the last six bicycles you previously used. By Havang(nl) – Own work, Public Domain, https://commons.wikimedia.org/w/index.php?curid=2327525
How do we solve this?
People have tried to hasten the death of the bicycle, but its use still persists.
We have continued to advance other factors of transportation, both from the efforts of vendors, as well as the efforts of industry associations such as the International Bus and Infiniti Association (IBIA) and the MANX (Moving At Necessary eXpress) Alliance.
Yet resistance persists. Even the National Institute of Standards and Technology (NIST), which should know better, continues to define bicycle use as a standard factor of transportation.
The three most recognized factors of transportation include “something you pedal” (such as a bicycle), “something you drive” (such as an automobile), and “something you ride” (such as a bus).
NIST Special Publication 800-8-2. Link unavailable.
It is imperative that both governments and businesses completely ban use of the bicycle in favor of other forms of transportation. Our security as a nation depends on this.
Do your part to bring about the death of the bicycle in favor of other factors of transportation, and ensure that we will enjoy a bicycleless future.
A personal note
I don’t agree with anything I just wrote.
Despite its faults, I still believe that the bicycle has a proper place in our society, perhaps as one of several factors of transportation in an MFT (multi-factor transportation) arrangement.
And, if you haven’t figure it out yet, I’m not on board with the complete death of the password either. Passwords (and PINs) have their place. And when used properly they’re not that bad (even if these 2021 figures are off by an order of magnitude today).
Feel free to share the images and interactive found on this page freely. When doing so, please attribute the authors by providing a link back to this page and Better Buys, so your readers can learn more about this project and the related research.
I know that I’m the guy who likes to say that it’s all semantics. After all, I’m the person who has referred to five-page long documents as “battlecards.”
But sometimes the semantics are critically important. Take the terms “factors” and “modalities.” On the surface they sound similar, but in practice there is an extremely important difference between factors of authentication and modalities of authentication. Let’s discuss.
What is a factor?
To answer the question “what is a factor,” let me steal from something I wrote back in 2021 called “The five authentication factors.”
Something You Know. Think “password.” And no, passwords aren’t dead. But the use of your mother’s maiden name as an authentication factor is hopefully decreasing.
Something You Have. I’ve spent much of the last ten years working with this factor, primarily in the form of driver’s licenses. (Yes, MorphoTrak proposed driver’s license systems. No, they eventually stopped doing so. But obviously IDEMIA North America, the former MorphoTrust, has implemented a number of driver’s license systems.) But there are other examples, such as hardware or software tokens.
Something You Are. I’ve spent…a long time with this factor, since this is the factor that includes biometrics modalities (finger, face, iris, DNA, voice, vein, etc.). It also includes behavioral biometrics, provided that they are truly behavioral and relatively static.
Something You Do. The Cybersecurity Man chose to explain this in a non-behavioral fashion, such as using swiping patterns to unlock a device. This is different from something such as gait recognition, which supposedly remains constant and is thus classified as behavioral biometrics.
Somewhere You Are. This is an emerging factor, as smartphones become more and more prevalent and locations are therefore easier to capture. Even then, however, precision isn’t always as good as we want it to be. For example, when you and a few hundred of your closest friends have illegally entered the U.S. Capitol, you can’t use geolocation alone to determine who exactly is in Speaker Pelosi’s office.
(By the way, if you search the series of tubes for reading material on authentication factors, you’ll find a lot of references to only three authentication factors, including references from some very respectable sources. Those sources are only 60% right, since they leave off the final two factors I listed above. It’s five factors of authentication, folks. Maybe.)
The one striking thing about the five factors is that while they can all be used to authenticate (and verify) identities, they are inherently different from one another. The ridges of my fingerprint bear no relation to my 16 character password, nor do they bear any relation to my driver’s license. These differences are critical, as we shall see.
What is a modality?
In identity usage, a modality refers to different variations of the same factor. This is most commonly used with the “something you are” (biometric) factor, but it doesn’t have to be.
[M]any businesses and individuals (are adopting) biometric authentication as it been established as the most secure authentication method surpassing passwords and pins. There are many modalities of biometric authentication to pick from, but which method is the best?
After looking at fingerprints, faces, voices, and irises, Aware basically answered its “best” question by concluding “it depends.” Different modalities have their own strengths and weaknesses, depending upon the use case. (If you wear thick gloves as part of your daily work, forget about fingerprints.)
ID R&D goes a step further and argues that it’s best to use multimodal biometrics, in which the two biometrics are face and voice. (By an amazing coincidence, ID R&D offers face and voice solutions.)
The three modalities in the middle—face, voice, and fingerprint—are all clearly biometric “something you are” modalities.
But the modality on the left, “Make a body movement in front of the camera,” is not a biometric modality (despite its reference to the body), but is an example of “something you do.”
Passwords, of course, are “something you know.”
In fact, each authentication factor has multiple modalities.
For example, a few of the modalities associated with “something you have” include driver’s licenses, passports, hardware tokens, and even smartphones.
Why multifactor is (usually) more robust than multimodal
Modalities within a single authentication factor are more closely related than modalities within multiple authentication factors. As I mentioned above when talking about factors, there is no relationship between my fingerprint, my password, and my driver’s license. However, there is SOME relationship between my driver’s license and my passport, since the two share some common information such as my legal name and my date of birth.
What does this mean?
If I’ve fraudulently created a fake driver’s license in your name, I already have some of the information that I need to create a fake passport in your name.
If I’ve fraudulently created a fake iris, there’s a chance that I might already have some of the information that I need to create a fake face.
However, if I’ve bought your Coinbase password on the dark web, that doesn’t necessarily mean that I was able to also buy your passport information on the dark web (although it is possible).
Can an identity content marketing expert help you navigate these issues?
As you can see, you need to be very careful when writing about modalities and factors.
You need a biometric content marketing expert who has worked with many of these modalities.
Actually, you need an identity content marketing expert who has worked with many of these factors.
So if you are with an identity company and need to write a blog post, LinkedIn article, white paper, or other piece of content that touches on multifactor and multimodal issues, why not engage with Bredemarket to help you out?
If you’re interested in receiving my help with your identity written content, contact me.
I didn’t either. Frankly, I didn’t even work in biometrics professionally until I was in my 30s.
If you have a mad adult desire to become a biometric content marketing expert, here are five topics that I (a self-styled biometric content marketing expert) think you need to understand.
Topic One: Biometrics
Sorry to be Captain Obvious, but if you’re going to talk about biometrics you need to know what you’re talking about.
The days in which an expert could confine themselves to a single biometric modality are long past. Why? Because once you declare yourself an iris expert, someone is bound to ask, “How does iris recognition compare to facial recognition?”
And there are a number of biometric modalities. In addition to face and iris, the Biometrics Institute has cataloged a list of other biometric modalities, including fingerprints/palmprints, voice, DNA, vein, finger/hand geometry, and some more esoteric ones such as gait, keystrokes, and odor. (I wouldn’t want to manage the NIST independent testing for odor.)
As far as I’m concerned, the point isn’t to select the best biometric and ignore all the others. I’m a huge fan of multimodal biometrics, in which a person’s identity is verified or authenticated by multiple biometric types. It’s harder to spoof multiple biometrics than it is to spoof a single one. And even if you spoof two of them, what if the system checks for odor and you haven’t spoofed that one yet?
Topic Two: All the other factors
In the same way that I don’t care for people who select one biometric and ignore the others, I don’t care for some in the “passwords are dead” crowd who go further and say, “Passwords are dead. Use biometrics instead.”
Although I admire the rhyming nature of the phrase.
If you want a robust identity system, you need to use multiple factors in identity verification and authentication.
Something you know.
Something you have.
Something you are (i.e. biometrics).
Something you do.
Somewhere you are.
Again, use of multiple factors protects against spoofing. Maybe someone can create a gummy fingerprint, but can they also create a fake passport AND spoof the city in which you are physically located?
It’s not enough to understand the technical ins and outs of biometric capture, matching, and review. You need to know how biometrics are used.
One-to-one vs. one-to-many. Is the biometric that you acquire only compared to a single biometric samples, or to a database of hundreds, thousands, millions, or billions of other biometric samples?
Markets. When I started in biometrics, I only participated in two markets: law enforcement (catch bad people) and benefits (get benefit payments to the right people). There are many other markets. Just recently I have written about financial identity and educational identity. I’ve worked with about a dozen other markets personally, and there are many more.
Use cases. Related to markets, you need to understand the use cases that biometrics can address. Taking the benefits example, there’s a use case in which a person enrolls for benefits, and the government agency wants to make sure that the person isn’t already enrolled under another name. And there’s a use cases when benefits are paid to make sure that the authorized recipient receives their benefits, and no one else receives their benefits.
Legal and privacy issues. It is imperative that you understand the legal ramifications that affect your chosen biometric use case in your locality. For example, if your house has a doorbell camera that uses “familiar face detection” to identify the faces of people that come to your door, and the people that come to your door are residents of the state of Illinois, you have a BIG BIPA (Biometric Information Privacy Act) problem.
Any identity content marketing expert or biometric content marketing expert worth their salt will understand these and related issues.
Topic Four: Content marketing
This is another Captain Obvious point. If you want to present yourself as a biometric contet marketing expert or identity content marketing expert, you have to have a feel for content marketing.
The definition of content marketing is simple: It’s the process of publishing written and visual material online with the purpose of attracting more leads to your business. These can include blog posts, pages, ebooks, infographics, videos, and more.
But content marketers need to be comfortable with creating at least one type of content.
Topic Five: How L-1 Identity Solutions came to be
Yes, an identity content marketing expert needs to thoroughly understand how L-1 Identity Solutions came to be.
I’m only half joking.
Back in the late 1990s and early 2000s (I’ll ignore FpVTE results for a moment), the fingerprint world in which I worked recognized four major vendors: Cogent, NEC, Printrak (later part of Motorola), and Sagem Morpho.
And then there were all these teeny tiny vendors that offered biometric and non-biometric solutions, including the fierce competitors Identix and Digital Biometrics, the fierce competitors Viisage and Visionics, and a bunch of other companies like Iridian.
Wel, there WERE all these teeny tiny vendors.
Until Bob LaPenta bought them all up and combined them into a single company, L-1 Identity Solutions. (LaPenta was one of the “Ls” in L-3, so he chose the name L-1 when he started his own company.)
So around 2008 the Big Four (including a post-FpVTE Motorola) became the Big Five, since L-1 Identity Solutions was now at the table with the big boys.
But then several things happened:
Motorola started selling off parts of itself. One of those parts, its Biometric Business Unit, was purchased by Safran (the company formed after Sagem and Snecma merged). This affected me because I, a Motorola employee, became an employee of MorphoTrak, the subsidiary formed when Sagem Morpho de facto acquired “Printrak” (Motorola’s Biometric Business Unit). So now the Big Five were the Big Four.
Make that the Big Three, because Safran also bought L-1 Identity Solutions, which became MorphoTrust. MorphoTrak and MorphoTrust were separate entities, and in fact competed against each other, so maybe we should say that the Big Four still existed.
Oh, and by the way, the independent company Cogent was acquired by 3M (although NEC considered buying it).
A few years later, 3M sold bits of itself (including the Cogent bit) to Gemalto.
Then in 2017, Advent International (which owned Oberthur) acquired bits of Safran (the “Morpho” part) and merged them with Oberthur to form IDEMIA. As a consequence of this, MorphoTrust de facto acquired MorphoTrak, ending the competition but requiring me to have two separate computers to access the still-separate MorphoTrust and MorphoTrak computer networks. (In passing, I have heard from two sources, but have not confirmed myself, that the possible sale of IDEMIA is on hold.)
Why do I mention all this? Because all these mergers and acquisitions have resulted in identity practitioners working for a dizzying number of firms.
As of August 2023, I myself have worked for five identity firms, but in reality four of the five are the same firm because the original Printrak International kept on getting acquired (Motorola, Safran, IDEMIA).
And that’s nothing. One of my former Printrak coworkers (R.M.) has also worked for Digital Biometrics (now part of IDEMIA), Cross Match Technologies (now part of ASSA ABLOY), Iridian (now part of IDEMIA), Datastrip, Creative Information Technology, AGNITiO, iTouch Biometrics, NDI Recognition Systems, iProov, and a few other firms here and there.
The point is that everybody knows everybody because everybody has worked with (and against) everybody. And with all the job shifts, it’s a regular Peyton Place.
Not sure which one is me, which one is R.M., and who the other people are.
Do you need an identity content marketing expert today?
Do you need someone who not only knows biometrics and content marketing, but also all the other factors, their uses, and even knows the tangled history of L-1?
As some of you know, I’m seeking full-time employment after my former employer let me go in late May. As part of my job search, I was recently invited to a second interview for a company in my industry. Before that interview, I made an important decision about how I was going to present myself.
If you’ve read any of Bredemarket’s content, there are times when it takes a light tone, in which wildebeests roam the earth while engaging in marketing activities such as elaborating the benefits of crossing the stream.
Some of that DOES NOT fly in the corporate world. (For most companies, anyway.) If you analyze a wide selection of corporate blogs, you won’t see the word “nothingburger.” But you do here.
So as I prepared for this important job interview, I made sure that I was ready to discuss the five factors of authentication, and my deep experience as an identity content marketing expert with many of those factors.
The five factors of authentication, of course, are:
For the purposes of this job interview, there isn’t! I confined myself to the five factors only during the discussion, using examples such as passwords, driver’s licenses, faces, actions, and smartphone geolocation information.
But in the end, my caution was of no avail. I DIDN’T make it to the next stage of interviews.
Maybe I SHOULD have mentioned “Somewhat you why” after all.
Bredemarket 