The iris pattern in human eyes is equally unique as a fingerprint, making it a strong choice for a mobile biometric. Due to the high level of technology used in iris authentication, experts consider the technology a strong security method for mobile devices.
There are five parts to iris authentication:
- pupil detection;
- iris detection;
- normalization (the pupil must be removed from the image to focus on the iris pattern);
- feature extraction (the iris pattern is normalized into a rectangular strip); and
- matching (the unique pattern is matched to the image stored in the database).
Iris authentication is available on the Galaxy S8 and S8+, as well as the TCL 560 and Microsoft's Lumia 950 and 950 XL. Unlike facial recognition, iris scanning only requires one additional infrared camera, making devices with this technology often less expensive and more appealing for organizations to adopt.
A hacker could dupe iris authentication by taking a picture in infrared mode of the owner's face, printing the photo at high quality, adding a contact lens over the printout eye and stealing the device from the owner, but this level of commitment seems uncommon and easily avoidable. One downside to iris authentication is the uniqueness of the eye pattern. If, for some reason, the biometric authentication is compromised, there is no way to alter it. Due to this, a PIN code or password should accompany the iris authentication as a backup.