Selfie Based Authentication | Authentication History and the Future

To understand the future, let’s take a quick look at the past: Stonewall Jackson (Civil War), handprints in China’s Qin Dynasty (200 BC), and Francis Galton’s fingerprints.

Do you want to know the pros and cons of the various authentication methods of the future? Iris, selfie-based authentication, voice, fingerprint, face recognition, gesture and other trends in mobile security.

What Are the Best Biometric Authentication Methods for Mobile Apps?


Kayvan Alikhani, Sr Director of Technology with RSA, is an authentication expert. He gives a fascinating review of the past and future of user authentication trends and methods for native mobile applications (starting at Slide 27).


What I like is how he gives two great analogies from the origins of authentication in China, where they were capturing handprints for evidence of burglaries.

“Chinese records from the 221-206 BC Qin Dynasty include details about using handprints as evidence during burglary investigations. Clay seals bearing friction ridge impressions were used during both the Qin and Han Dynasties (221 BC – 220 AD).”

The second analogy was in England in 1892, where fingerprint identification was really pushed forward by a researcher named Francis Galton.

“Although Galton was not the first to propose the use of fingerprints for identification (Sir William Herschel had used them in India for this purpose) he was the first to place their study on a scientific basis and so lay the groundwork for their use in criminal cases.  He was able to collect a large sample of prints through his Anthropological laboratories, eventually amassing over 8,000 sets.  His study of minutiae in prints provided the  foundation for meaningful comparison of different prints, and he was able to construct a statistical proof of the uniqueness, by minutiae, of individual prints.

Galton also provided the first workable fingerprint classification system, which was later adapted by E. R. Henry for practical use in police forces and other bureaucratic settings.  Most of all, Galton’s extensive popular advocacy of the use of prints helped to convince a skeptical public that they could be used reliably for identification.”

One of my favorite stories at the beginning of the show is when Kayvan tells us how Civil War hero Stonewall Jackson died because his troops did not authenticate him correctly.

His troops did not use Strong Authentication (SA) – SA is the use of multiple factors to assert one’s identity.

  1. Multi-factor authentication – Authentication that requires the use of solutions from two or more categories of factors.
  2. Multi-layer authentication – Using multiple solutions from varying (same/different) categories at different points in the process.


Below are some segment notes that you will find interesting.

Learning Opportunities

  • Server-side authentication versus device-based authentication. What is the difference? How is this changing?
  • Samsung, Apple (Touch ID) and Microsoft (Windows 10) are all moving to a device-based authentication model, in which the biometric check happens on the device.
  • Windows 10 – native iris and face detection. Your privacy is protected on the device. The device then makes an assertion that this is “Bill”.
  • The assumption is that I trust the device, the device has an authenticator, and the device protects the user’s biometric profile.
  • Advantage – The monkey is off the provider’s back: it no longer has to manage identities. Impersonation and man-in-the-middle attacks are significantly reduced. Credentials are not on the server!
  • Authentication is pushed to the device. Trusting the device is the assumption.
  • The key is that the device protects the biometric profile.
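
The device-based model in the notes above, sketched as an added example (not code from the show or from RSA): the device matches the biometric locally and signs a server challenge, while the server holds only a public key. The `Device` and `Server` classes, the Ed25519 key choice and the string comparison standing in for a real biometric matcher are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Hypothetical device: the enrolled template and private key never leave it.
class Device {
  constructor(enrolledTemplate) {
    this.template = enrolledTemplate;
    const pair = crypto.generateKeyPairSync('ed25519');
    this.privateKey = pair.privateKey;
    this.publicKey = pair.publicKey; // the only thing sent at enrollment
  }
  // String equality stands in for a real (fuzzy) on-device biometric matcher.
  signAssertion(sample, challenge) {
    if (sample !== this.template) return null; // no local match, no assertion
    return crypto.sign(null, challenge, this.privateKey);
  }
}

// Hypothetical relying party: stores public keys only, no biometric data.
class Server {
  constructor() { this.keys = new Map(); this.pending = new Map(); }
  register(user, publicKey) { this.keys.set(user, publicKey); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user); // challenges are single use
    const key = this.keys.get(user);
    if (!challenge || !key || !signature) return false;
    return crypto.verify(null, challenge, key, signature);
  }
}

function demo() {
  const device = new Device('constructed-template-bill'); // constructed sample
  const server = new Server();
  server.register('bill', device.publicKey);
  const sig = device.signAssertion('constructed-template-bill', server.newChallenge('bill'));
  const genuine = server.verify('bill', sig);
  const impostor = server.verify('bill',
    device.signAssertion('someone-else', server.newChallenge('bill')));
  server.newChallenge('bill'); // fresh challenge; an old signature must not pass
  const replay = server.verify('bill', sig);
  return { genuine, impostor, replay, serverKeyType: server.keys.get('bill').type };
}
```

A breach of this server yields public keys only, and a captured assertion is useless against the next challenge.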

What are the most secure authentication techniques for mobile devices?

  • Iris and voice: a user utters a phrase while looking into a sensor… cool!
    • What if the environment is noisy?
    • Combine it with location.
  • Context and trends on the device are important, and you can combine them with a biometric assertion.
  • Iris security – 1 in 2 million chance of a false positive.
  • Fingerprint – 1 in 200k chance of a false positive.
  • This makes iris security 5-7 times more secure.
  • Fingerprints are highly usable and easy.
  • Iris scanning is harder, more cumbersome and less convenient. It also has a creepy factor. However, a ‘selfie’ is very commonplace now, so iris scanning will become more acceptable given more time.
  • Gesture and movement are coming.
  • New sensors are being built into the phone to support these new methods.

RSA’s VIA Solution

@39:00 – I ask Kayvan questions about where RSA is going on these topics within the enterprise. It is worth exploring RSA’s direction related to multi-factor authentication.

See more about Kayvan and Fresh perspectives on these topics on this blog
