What is biometric access control?

Biometric access control exploits the things that make you unique to enhance security and ensure that only authorised individuals enter restricted areas. Our unique features have been used to verify identity for a long time. There is evidence that fingerprint patterns were used as long as 4000 years ago in ancient Babylon as a means of signing contracts.

Since then, the technology has advanced and diversified. Today, biometrics is part of our everyday lives. 81% of smartphone users have biometrics enabled on their device [1]. That’s a clear message that the convenience and security biometrics offers is popular and worth investment. But what kinds of technology are out there?

Types of biometric access control

Credentials in access control fall into three categories. They might be something you have, like a key, a swipe card, or a lanyard tag. Or they might be something you know, like a PIN code or a password. Biometrics utilises something you are to verify that you are authorised to enter a locked area. But human beings have a lot of features that are unique to every individual. As a result, there are lots of different types of biometric access control. Here are some of them.


Fingerprint recognition

Fingerprints are the oldest recorded form of biometric identification. In the Western world, their usage was initially focused on documenting and catching criminals. It wasn’t until the second half of the 20th Century that technologies first emerged to enable fingerprints to be used for access control purposes.

The tips of your fingers are covered in tiny lines that form patterns of loops, arches, and whorls. The chances of another person somewhere in the world having the same patterns as you is minuscule – 1 in 64 trillion [2]. It’s clear why these features are handy when it comes to verifying identity.

Fingerprint scanners use powerful lights to scan the surface of the finger and identify the unique patterns. Those patterns are then compared with a saved database to ascertain whether they match an existing user. If so, the user is granted access.

Types of biometric access control - fingerprint scan graphic with hand stretching out to touch it


Facial recognition

Scientists estimate that the average person can recognise around 5,000 different faces – and some super-recognisers remember up to 10,000 faces [3]! The features on our faces vary subtly in tiny but important ways. The size of your eyes, the shape of your nose, the distance between your lip and your chin – the sum of all these small varying factors makes up your face.

Facial recognition cameras work by scanning a face and identifying a range of key metrics, such as the size and spaces between facial features. From these measurements, a digital map of the face is created. The system compares the digital map to those saved in its database to establish whether the user is recognised or not.

This technology is still really in its infancy. Some initial challenges such as weather conditions and changing appearances with facial hair or glasses have been overcome. Additional technology such as infrared cameras that make face templates three-dimensional improve accuracy. However, other difficulties remain. For example, identical twins are advised not to use facial recognition to access their banking apps [4], for fear they could impersonate one another.

In addition, many people are wary of this technology. Access control systems are a one-to-one facial recognition technology [5], meaning they work with a fixed and pre-defined database of faces. However, some airports, casinos, police forces and other organisations have implemented public facial recognition for surveillance purposes. Many people have concerns about privacy, data security, and personal freedoms relating to public facial recognition.


Voice recognition

The term ‘voice recognition’ is actually somewhat misleading here. Technically, ‘voice recognition’ is a technology which identifies the words that you are saying. Think asking your smartphone to tell you the upcoming weather forecast, or asking your car to “Call mum at home”. For access control, the term we really need is ‘voice authentication’. This is about identifying the person speaking the words.

There are two types of voice authentication: text-dependent and text-independent. Text-dependent systems require the user to say a specific phrase to identify the unique factors that distinguish that voice. Meanwhile, text-independent authentication works regardless of what the user is saying.

Voice authentication is becoming particularly popular in the banking and financial services industry. It is often used as part of an MFA (multi-factor authentication) process along with a PIN code or password. As it’s very common for people to contact their bank on the phone, voice authentication is an ideal solution. It may also be more accessible for users who don’t have smartphones.


Iris recognition

Iris recognition is one of those technologies that still feels a little bit ‘Mission Impossible’ to many people. But iris scanners are becoming increasingly normalised in high security environments, and are much more widely available now.

The iris is a circular muscle at the front of the eye which is packed with pigmentation that gives it colour. Its function is to control the amount of light coming into the eye. The colours and patterns in each person’s iris are unique. With specialised cameras capturing high-resolution images of the iris, those patterns can be converted into a digital template for authentication purposes.

This technology is commonly found in government premises, military facilities, and other high-security environments. In many cases, iris recognition may be used in combination with another authentication method to further boost security.

Types of biometric access control - high security blue padlock graphic on black background


Palm recognition

Hand scanning is a relatively recent addition to commercially available biometric solutions. The scanners identify the unique patterns in the veins under your palm to authenticate your identity. Like all the other biometric methods, the pattern of veins is converted into digital data which is then compared with the saved database.

Generally, palm recognition technology utilises infrared light to scan the handprint. Because veins contain blood which contains haemoglobin, they absorb, rather than reflect, infrared light. As a result, the scanned hand shows a dark and unique pattern where the light is absorbed by the veins.

Benefits of biometric access control

Whichever method of biometric authentication you prefer, you’re making a good choice for security. A physical card or tag can be lost, stolen or cloned. A PIN or password can be forgotten or disclosed. Conversely, biometrics comes with innate security benefits that mean only authorised people may access restricted areas.

  • Users must be physically present to engage with biometric recognition technology.
  • It’s extremely hard to steal or clone biometric data (and many systems are set up to counter spoof attacks anyway).
  • Many systems offer customisable acceptance thresholds to further enhance security and reliability.
A closeup of a man sitting in front of a laptop holding and using a mobile phone to contact technical support

Be the first to know

Register for our regular newsletter and you'll be the first to know about all our latest products, announcements, offers, and competitions.