> Many websites and services require two-factor authentication (2FA) or multi-factor authentication (MFA) where the user is required to present two or more pieces of evidence:
>
> • Something only the user knows, e.g., password, passphrase, etc.
> • Something only the user has, e.g., hardware token, mobile phone, etc.
> • Something only the user is, e.g., biometrics.
Apart from mobile phones using fingerprints to unlock, are biometrics used in any mainstream MFA? Are there any websites, services or companies that accept passwords and OTPs also accept biometrics for authentication?
And transmit it!
Biometrics are useless for remote 2FA. They only even make a little sense when used for immediate local hardware interaction. From a remote perspective, you can't authenticate biometrics versus a replay attack. Hardware does it by literally being hardware, and thus has high confidence it is talking to the real sensor, and you will note all the phones require harder authentication on boot before enabling biometric authentication.
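The replay problem raised in the answer above, as an added example that is not part of the original thread: a server that receives the biometric sample itself accepts a captured copy, while a device that matches locally and answers a fresh server nonce does not. The class names, the exact-match `template_of` stand-in for a real fuzzy matcher, and the HMAC key shared at enrolment are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def template_of(sample: bytes) -> bytes:
    # Assumption: exact hash stands in for real (fuzzy) feature extraction.
    return hashlib.sha256(sample).digest()

class RemoteMatchServer:
    """Receives the sample over the network and matches it server-side."""
    def __init__(self, enrolled: bytes):
        self._template = template_of(enrolled)
    def login(self, sample: bytes) -> bool:
        return hmac.compare_digest(template_of(sample), self._template)

class Device:
    """Sensor and key share hardware; the key is used only after a local match."""
    def __init__(self, enrolled: bytes):
        self._template = template_of(enrolled)
        self.key = secrets.token_bytes(32)  # given to the server once, at enrolment
    def respond(self, live_sample: bytes, nonce: bytes):
        if not hmac.compare_digest(template_of(live_sample), self._template):
            return None  # wrong finger: nothing leaves the device
        return hmac.new(self.key, nonce, hashlib.sha256).digest()

class ChallengeServer:
    """Never sees the biometric; checks a response bound to a one-time nonce."""
    def __init__(self, key: bytes):
        self._key, self._pending = key, set()
    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce
    def login(self, nonce: bytes, response) -> bool:
        if response is None or nonce not in self._pending:
            return False
        self._pending.discard(nonce)  # each nonce is valid once
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def demo():
    finger = b"constructed-fingerprint-sample"  # constructed sample data
    captured = finger  # copy recorded from an earlier remote login
    replay_accepted = RemoteMatchServer(finger).login(captured)
    device = Device(finger)
    server = ChallengeServer(device.key)
    n1 = server.challenge()
    r1 = device.respond(finger, n1)
    first_login = server.login(n1, r1)
    replay_same_nonce = server.login(n1, r1)
    replay_new_nonce = server.login(server.challenge(), r1)
    return replay_accepted, first_login, replay_same_nonce, replay_new_nonce
```

`demo()` returns the four outcomes in order: the replayed sample is accepted by the remote matcher, the first challenge response is accepted, and both replays of that response are rejected.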