25 November 2025
New Biometrics and Account Recovery paper addresses weaknesses in traditional account recovery methods when authentication fails
The Biometrics Institute today announced the release of its latest good practice tool, Biometrics and Account Recovery, a timely guide aimed at strengthening digital identity security by securing one of the most vulnerable points: the account recovery process.
Account takeover attacks are a continuous threat, and fraudsters often target account recovery processes. This is because security and identity checks may be weaker than those done when the account was created. Current recovery methods frequently rely on easily compromised passwords or Two-Factor Authentication (2FA), failing to adequately confirm the identity of the legitimate user or establish a strong binding to the account holder. This vulnerability creates an attractive target for bad actors.
Securely regaining control with biometrics
The new paper, the twentieth good practice tool from the Institute, explains the fundamentals of account recovery – the essential process for legitimately restoring control over a user account when authentication fails or the account is compromised. It details the many ways account control can be lost, from a forgotten password to a sophisticated account takeover or hacking attack.
It underlines the importance of biometrics in account recovery: they offer distinctive human attributes that provide additional security and resistance to fraud and forgery compared to traditional methods. They can mitigate account takeover risks and strengthen recovery processes by establishing a stronger, non-transferable link to the user and their account.
Recommendations for a robust recovery process
The Biometrics and Account Recovery paper explains how account control can be lost and why biometrics are important to account recovery. It provides 10 essential recommendations, ranging from strengthening identity binding and designing for security to ensuring longevity over time.
Building trust in biometrics with commitment to good practice
The Biometrics Institute provides the clear, unbiased guidance organisations need to harness the benefit of biometrics. This new guidance complements the Institute’s Good Practice Framework – a comprehensive guide to planning, procuring, and implementing biometric systems.
The paper draws on and is complemented by other useful reference materials and guidance previously produced by the Institute, including papers on Digital Onboarding and Biometrics, Digital Identity and Biometric Authentication and the Mitigating Biometric Vulnerabilities in Digital Identity – Executive Briefing.
Find out more about the guide here and how you can ensure your users’ identities are protected, even when they lose access to their account.
ENDS.
About the Biometrics Institute:
The Biometrics Institute is the independent and impartial international membership organisation for biometric users and other interested parties. It was established in 2001 to promote the responsible, ethical and effective use of biometrics. It has offices in London and Sydney.
The Institute represents a global and diverse multi-stakeholder community of over 200 membership organisations from 43 countries. While a large proportion of the members are from government, other members include banks, airlines, biometric experts, privacy experts, suppliers, academics and 18 Observers representing United Nations agencies, IGOs and European Union institutions.
The Biometrics Institute connects the global biometrics community. It shares knowledge with its members and key stakeholders and most importantly, develops good practices and thought leadership for the responsible, ethical and effective use of biometrics.
For more information, please email Marco Lombardi.


