How using behavioural biometrics in multi-factor authentication steps up cybersecurity

Aug 24, 2021
How using behavioural biometrics in multi-factor authentication steps up cybersecurity
Photo credit: Sompong Lekhawattana/iStock/Getty Images

In our podcast episode, Ian Paterson, CEO at Plurilock chats with Anthony Green, CPABC's manager of security operation and compliance, about how multi-factor authentication, particularly biometrics, is helping to innovate cybersecurity. Part of our Coffee Chats with CPABC podcast series.

As cyberattacks continue to escalate, multi-factor authentication (MFA) including the use of behavioural biometrics is increasingly being used to protect organizations.

Over the last several months, there has been an increase in high-profile cyberattacks, including the Colonial Pipeline, JBS Meats, and Kaseya incidents. These attacks underscore the growing need for companies to focus efforts and resources on cybersecurity. There has also been a push toward zero trust architecture, a concept where systems constantly analyze and confirm identity by “trusting no one” - even employees with the correct credentials.

MFA is an authentication method that requires the user to provide at least two identify verifications before they are able to access the resource. For example, when you log onto your online banking account from your laptop, you may be asked to enter a code sent to your mobile phone. Behavioural biometrics takes this a step further by analyzing the user’s physical and contextual data to confirm their identity in a way that is completely unique to the individual.

To dive deeper into MFA and behavioural biometrics, we recently spoke with Ian Paterson, CEO at Plurilock, an organization that uses behavioural biometrics along with AI for its continuous authentication solutions. These solutions are unique in how they constantly assess the user’s keyboard and mouse movements. As opposed to something like a key logger, which tracks what a user is typing, Plurilock’s services focus on how the user is typing as well as mouse movements, and does this every three to five seconds to continuously assure identity.

To hear our full interview with Ian, listen to our podcast episode.

Ian Paterson's headshot, taken in front of a brick wall

Ian Paterson, CEO of Plurilock

How does cybersecurity impact every industry?

Businesses often have competing priorities related to safety, operations, and costs, which can make it difficult for organizations to justify spending on cybersecurity solutions. It’s important to note that cybersecurity is a linchpin industry – it impacts all other sectors.

Many businesses rely on computers and technology devices for the daily operations of their work, which could come to a screeching halt should a data breach occur. There are also the costs of the remediation of systems, retrieving lost or stolen data, and the impact on operations that can quickly add up. These risks and associated costs for a data breach are critical when businesses consider whether or not to use cybersecurity solutions like MFA.

However, there are solutions to help organizations defend against these types of threats. Business leaders should feel empowered to take steps to deploy the right software, and to establish processes internally to protect the organization against a cyberattack.

How can MFA can protect your business?

One of the more accessible cybersecurity solutions to implement is MFA. As the name implies, MFA uses another factor of authentication – like a code on your cell phone or an additional verification by email – in addition to your traditional login and password. As an initial step toward a stronger security posture, businesses should turn on MFA whenever possible, particularly for systems where sensitive data is held or shared.

Implementing MFA is an excellent first step, but there are additional steps businesses can take to protect their networks and access. While MFA offers additional security, organizations may receive pushback from users about the additional friction these solutions add to the workday. In other cases, there are instances where a bad actor has access to the phone or email account where the additional authentication is being received. This is where behavioural biometrics comes in.

Behavioural biometrics: What are they and how do they work?

Having strong passwords managed in a password manager and implementing MFA wherever possible are concrete steps an organization can take to secure its systems. But as cyber threats increase and financial institutions become an increasing target, cybersecurity leaders are shifting the paradigm on authentication to combat these challenges.

Behavioural biometrics are characteristics – like the movement of your pointer and keyboard – unique to the individual, that can demonstrate the person using a device or credentials is the right person.

To do this, systems use machine learning and AI to analyze the patterns in the human activity and movement of a user over time, and then use those patterns as a baseline for identity confirmation. For example, the way you type is unique to you.

If an attacker were to steal your device and begin typing, if you had a behavioural biometric solution installed, the system would be able to quickly assess and determine that the person now using the device is not you. From there, depending on how the solution is set up, it can document the issue, restrict access, or block all access to the device and important files.

Another benefit with behavioural biometrics technology is that it analyzes passively in the background, reducing user friction that occurs when you’re required to type in additional passwords or forms of verification, while still keeping the device protected.


Cybersecurity technology is rapidly changing, and while cyberattacks are on the rise, financial business leaders should feel empowered to institute solutions like MFA and behavioural biometrics into their systems. By doing this, they’re taking a hands-on, proactive approach that will help to mitigate risk and protect their business. 


The Chartered Professional Accountants of British Columbia (CPABC) is the training, governing, and regulatory body for over 38,000 CPA members and 5,500 CPA students and candidates. CPABC carries out its primary mission to protect the public by enforcing the highest professional and ethical standards and contributing to the advancement of public policy. CPAs are recognized internationally for bringing superior financial expertise, strategic thinking, business insight, and leadership to organizations.