Biometric passwords expand the possibilities into the “something you are” category. A retina scan or fingerprint, for example, authenticates users based on something they are, and, in most cases, cannot change. Biometrics have a decided advantage over passwords because they don’t rely on users’ ability to remember them — you are who your retina says you are. There is a dramatic downside, however. Horror films have long exploited the plot line where a bad guy cuts out a target’s eyeball and uses it to log into a computer or enter a secure facility.
The newest technologies retain the advantage of biometrics, but don’t create the same level of physical risk. They involve “something you do,” such as the way you walk, as being researched at Carnegie Mellon. Another similar tool involves quantifying the unique way users type, a technique that’s been dubbed “keystroke analysis.” These so-called “behavioral” authentication mechanisms give systems architects four distinct methods to choose from.