Apple's passkeys replace traditional passwords on Mac with biometric authentication and encryption, offering stronger security through Touch ID and Face ID verification.

In the era of pervasive cyber threats and exponential growth in digital services, the inadequacy of single-factor authentication has become increasingly evident. Multi-Factor Authentication (MFA), which combines knowledge-based factors (passwords, PINs), possession-based factors (smart cards, tokens), and inherence-based factors (biometric traits), has emerged as a robust defense mechanism. Recent breakthroughs in deep learning have transformed the capabilities of biometric systems, enabling higher accuracy, resilience to spoofing, and seamless integration with hardware-based solutions. At the same time, smart card technologies have evolved to include on-chip biometric verification, cryptographic processing, and secure storage, thereby enabling compact and secure multi-factor devices. This survey presents a comprehensive synthesis of recent work (2019-2025) at the intersection of deep learning, biometrics, and smart card technologies for MFA. We analyze biometric modalities (face, fingerprint, iris, voice), review hardware-based approaches (smart cards, NFC, TPMs, secure enclaves), and highlight integration strategies for real-world applications such as digital banking, healthcare IoT, and critical infrastructure. Furthermore, we discuss the major challenges that remain open, including usability-security tradeoffs, adversarial attacks on deep learning models, privacy concerns surrounding biometric data, and the need for standardization in MFA deployment. By consolidating current advancements, limitations, and research opportunities, this survey provides a roadmap for designing secure, scalable, and user-friendly authentication frameworks.

Biometric authentication using physiological signals offers a promising path toward secure and user-friendly access control in wearable devices. While electrocardiogram (ECG) signals have shown high discriminability, their intrusive sensing requirements and discontinuous acquisition limit practicality. Photoplethysmography (PPG), on the other hand, enables continuous, non-intrusive authentication with seamless integration into wrist-worn wearable devices. However, most prior work relies on high-frequency PPG (e.g., 75 - 500 Hz) and complex deep models, which incur significant energy and computational overhead, impeding deployment in power-constrained real-world systems. In this paper, we present the first real-world implementation and evaluation of a continuous authentication system on a smartwatch, We-Be Band, using low-frequency (25 Hz) multi-channel PPG signals. Our method employs a Bi-LSTM with attention mechanism to extract identity-specific features from short (4 s) windows of 4-channel PPG. Through extensive evaluations on both public datasets (PTTPPG) and our We-Be Dataset (26 subjects), we demonstrate strong classification performance with an average test accuracy of 88.11%, macro F1-score of 0.88, False Acceptance Rate (FAR) of 0.48%, False Rejection Rate (FRR) of 11.77%, and Equal Error Rate (EER) of 2.76%. Our 25 Hz system reduces sensor power consumption by 53% compared to 512 Hz and 19% compared to 128 Hz setups without compromising performance. We find that sampling at 25 Hz preserves authentication accuracy, whereas performance drops sharply at 20 Hz while offering only trivial additional power savings, underscoring 25 Hz as the practical lower bound. Additionally, we find that models trained exclusively on resting data fail under motion, while activity-diverse training improves robustness across physiological states.

Critical VR applications in domains such as healthcare, education, and finance that use traditional credentials, such as PIN, password, or multi-factor authentication, stand the chance of being compromised if a malicious person acquires the user credentials or if the user hands over their credentials to an ally. Recently, a number of approaches on user authentication have emerged that use motions of VR head-mounted displays (HMDs) and hand controllers during user interactions in VR to represent the user's behavior as a VR biometric signature. One of the fundamental limitations of behavior-based approaches is that current on-device tracking for HMDs and controllers lacks capability to perform tracking of full-body joint articulation, losing key signature data encapsulated by the user articulation. In this paper, we propose an approach that uses 2D body joints, namely shoulder, elbow, wrist, hip, knee, and ankle, acquired from the right side of the participants using an external 2D camera. Using a Transformer-based deep neural network, our method uses the 2D data of body joints that are not tracked by the VR device to predict past and future 3D tracks of the right controller, providing the benefit of augmenting 3D knowledge in authentication. Our approach provides a minimum equal error rate (EER) of 0.025, and a maximum EER drop of 0.040 over prior work that uses single-unit 3D trajectory as the input.

All of those fantastical possibilities promised by burgeoning brain-computer interface technology come with the unavoidable cost of needing its potentially hackable wetware to ride shotgun in your skull. Given how often our personal data is already mishandled online, do we really want to trust the Tech Bros of Silicon Valley with our most personal of biometrics, our brainwaves? In her new book, The Battle for Your Brain: Defending the Right to Think Freely in the Age of Neurotechnology, Robinson O. Everett Professor of Law at Duke University, Nita A. Farahany, examines the legal, ethical, and moral threats that tomorrow's neurotechnologies could pose. From The Battle for Your Brain: Defending the Right to Think Freely in the Age of Neurotechnology by Nita A. Farahany. Assume that Meta, Google, Microsoft, and other big tech companies soon have their way, and neural interface devices replace keyboards and mice.

Not sci-fi, but real life: Samsung introduced a voice-cloning feature for their new Galaxy S phones this week. Train the Bixby mobile assistant on your S23, S23, or S23 Ultra phone, and it'll successfully mimic you during calls. This duplication is sold as a way to answer calls whenever you're unable to talk--you instead type answers and the phone reads them to the other party in your voice. AI-trained voice imitation can be also used for nefarious purposes, as Motherboard demonstrated the very same day as Samsung's news. Using AI-generated imitations of his voice, writer Joseph Cox breezed through his bank's automated voice verification system.

The recent shift to remote work has created a sizable dilemma for IT departments responsible for security. With work computers and users now scattered all across the country, it creates problems that simply didn't exist when workers were mostly confined to a centralized office. At the core of this problem is the need for authentication across devices that provide adequate security but also are non-intrusive and easy for users to use regularly. Many companies have considered facial recognition technology to authenticate users and access. But recent trends show facial recognition falling out of favor with many employees.

The recent shift to remote work has created a sizable dilemma for IT departments responsible for security. With work computers and users now scattered all across the country, it creates problems that simply didn't exist when workers were mostly confined to a centralized office. At the core of this problem is the need for authentication across devices that provide adequate security but also are non-intrusive and easy for users to use regularly. Many companies have considered facial recognition technology to authenticate users and access. But recent trends show facial recognition falling out of favor with many employees.

'The Five' discusses Apple's new software update allowing users the opportunity to edit and unsend unwanted messages. Facial recognition and fingerprint verification are becoming common security features on our phones and now your breath may be a potential option for biometric security, according to a report published in Chemical Communications. Researchers from Kyushu University's Institute for Materials Chemistry and Engineering worked with the University of Tokyo and have developed an olfactory (smell) sensor that can identify a person by analyzing their breath, the report said. "Recently, human scent has been emerging as a new class of biometric authentication, essentially using your unique chemical composition to confirm who you are," first author of the study, Chaiyanut Jirayupat, said in a release. Bangkok, Thailand - December 12, 2015: Apple iPhone5s held in one hand showing its screen for entering the passcode. Researchers from Kyushu University's Institute for Materials Chemistry and Engineering who worked with the University of Tokyo developed an olfactory (smell) sensor that can identify a person by analyzing their breath, the report said.

Two recent research papers from the US and China have proposed a novel solution for teeth-based authentication: just grind or bite your teeth a bit, and an ear-worn device (an'earable', that may also double up as a regular audio listening device) will recognize the unique aural pattern produced by abrading your dental architecture, and generate a valid biometric'pass' to a suitably equipped challenge system. Prior methods of dental authentication (i.e. for living people, rather than forensic identification), have needed the user to'grin and bare', so that a dental recognition system could confirm that their teeth matched biometric records. In summer of 2021, a research group from India made headlines with such a system, titled DeepTeeth. The new proposed systems, dubbed ToothSonic and TeethPass, come respectively from an academic collaboration between Florida State University and Rutgers University in the United States; and a joint effort between researchers at Beijing Institute of Technology, Tsinghua University, and Beijing University of Technology, working with the Department of Computer and Information Sciences at Temple University in Philadelphia. The entirely US-based ToothSonic system has been proposed in the paper Ear Wearable (Earable) User Authentication via Acoustic Toothprint.