Biometric-Enabled Multi-Factor Authentication for Mobile Applications
DOI: https://doi.org/10.63345/ijarcse.v1.i1.203
Keywords: mobile security; biometric authentication; multi-factor authentication; fingerprint recognition; facial recognition; OTP
Abstract
Biometric-enabled multi-factor authentication (MFA) combines “something you are” with one or more additional factors—“something you know” or “something you have”—to bolster security for mobile applications. This manuscript investigates the design, implementation, and evaluation of a biometric-MFA framework tailored for resource-constrained mobile environments. We propose an adaptive authentication strategy that leverages fingerprint and facial recognition modalities, supplemented by one-time password (OTP) verification. A prototype was developed on Android and iOS platforms, and its performance was assessed through both statistical analysis and simulation research. Empirical results based on a user study of 150 participants demonstrate that our framework achieves a False Acceptance Rate (FAR) of 0.8% and a False Rejection Rate (FRR) of 1.5%, while maintaining an average authentication latency of 850 ms. Simulation under varying network conditions and threat models further confirms system robustness, with successful defense against man-in-the-middle (MitM) attacks and replay assaults. We conclude that biometric-MFA offers a practical balance of usability and security for modern mobile applications, and we outline future enhancements including liveness detection and continuous authentication.
Building on these findings, the extended framework incorporates dynamic risk assessment that adjusts authentication thresholds based on environmental context (e.g., geolocation, device health, and network integrity). The inclusion of a privacy-preserving enrolment protocol ensures that raw biometric data never leaves the device’s secure enclave; instead, one-way hashed templates are used for matching, in compliance with GDPR and CCPA guidelines. We also integrate cryptographic key provisioning to rotate OTP secrets periodically, mitigating long-term key compromise. Field trials under real-world conditions—including fluctuating signal strength and variable lighting—indicate that adaptive thresholding reduces FRR by 20% in low-quality capture scenarios, without materially increasing FAR. User satisfaction, measured via the System Usability Scale (SUS), remained above 80, underscoring high acceptance among diverse demographics. Finally, a cost-benefit analysis demonstrates that the marginal overhead of biometric-MFA (≈0.03 W per authentication) is negligible relative to overall device power consumption. These enhancements position the proposed solution for deployment in sectors with stringent security requirements—such as mobile banking, healthcare, and enterprise resource planning—while preserving a streamlined user experience.
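The following is an added illustration, not code from the paper: it shows how FAR and FRR are computed from match scores and how a context-dependent threshold combined with an OTP check changes the accept decision. The base threshold, adjustment weights, Context fields and score lists are constructed assumptions and do not reproduce the paper's measurements.

```python
from dataclasses import dataclass

# Constructed match scores (0..1) for a low-quality capture session; not the paper's data.
GENUINE = [0.62, 0.66, 0.71, 0.74, 0.68, 0.80, 0.59, 0.77, 0.69, 0.73]
IMPOSTOR = [0.21, 0.35, 0.48, 0.55, 0.30, 0.41, 0.60, 0.27, 0.38, 0.52]

BASE_THRESHOLD = 0.70  # assumed fixed operating point


@dataclass
class Context:
    risk: float             # 0.0 trusted .. 1.0 hostile (geolocation, device health, network)
    capture_quality: float  # 0.0 poor .. 1.0 good (lighting, sensor contact)


def far_frr(genuine, impostor, threshold):
    """FAR: share of impostor attempts accepted. FRR: share of genuine attempts rejected."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def adaptive_threshold(ctx):
    """Assumed policy: tighten with risk; relax for poor capture only when risk is low."""
    t = BASE_THRESHOLD + 0.15 * ctx.risk
    if ctx.risk < 0.3:
        t -= 0.10 * (1.0 - ctx.capture_quality)
    return round(min(max(t, 0.50), 0.95), 3)


def authenticate(score, otp_ok, ctx):
    """Multi-factor decision: the biometric match and the OTP check must both pass."""
    return score >= adaptive_threshold(ctx) and otp_ok


if __name__ == "__main__":
    low_risk = Context(risk=0.1, capture_quality=0.2)
    high_risk = Context(risk=0.9, capture_quality=0.2)
    print("fixed    ", far_frr(GENUINE, IMPOSTOR, BASE_THRESHOLD))
    print("adaptive ", far_frr(GENUINE, IMPOSTOR, adaptive_threshold(low_risk)))
    print("high risk", adaptive_threshold(high_risk))
```

On this constructed data the relaxed low-risk threshold lowers FRR while FAR stays at zero, and the same poor capture is held to a stricter threshold once the context is high risk.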
License
Copyright (c) 2025 The journal retains copyright of all published articles, ensuring that authors have control over their work while allowing wide dissemination.

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Articles are published under the Creative Commons Attribution NonCommercial 4.0 License (CC BY NC 4.0), allowing others to distribute, remix, adapt, and build upon the work for non-commercial purposes while crediting the original author.