Through the Eyes: A Survey on Gaze-Based1 Biometric Authentication Systems

Eye-based biometric authentication leverages distinctive patterns in users' gaze movements to provide secure, continuous verification and addresses escalating challenges in cybersecurity. This comprehensive review surveys 222 peer-reviewed publications and introduces the first three-dimensional taxonomy of the field spanning: (i) authentication approaches (physiological, behavioral, hybrid), (ii) system platforms (hardware/software/cloud/edge/embedded), and (iii) evaluation aspects (accuracy measures, spoofing resistance, usability). Departing from conventional Human-Computer Interaction (HCI) surveys, our study employs a security-oriented framework informed by adversarial insight alongside a systematic comparative analysis. We evaluate methodologies across deployment platforms ranging from desktop infrared (IR) tracking to Extended Reality (XR) head-mounted displays, using well-crafted datasets (GazeBase, GazeBaseVR, Gaze360, LPW). The analysis yields three central insights. First, physiological cues exhibit temporal stability and strong spoofing resistance; behavioral cues offer adaptive performance that remains robust to calibration on ordinary commodity sensors; and hybrid approaches attain superior performance at the cost of higher complexity. Second, system robustness requires robust liveness and Presentation Attack Detection (PAD) solutions, with multi-modal fusion and template protection essential against presentation, synthetic, and adversarial attacks. Third, cloud and edge architecture can effectively mitigate latency and privacy constraints via on-device inference and privacy-preserving learning methods. These results indicate substantial opportunities in enterprise, XR, automobile, mobile/IoT, and smart-environment applications. We conclude by outlining priority research directions: standardization protocols, privacy-preserving methods, optimization of multi-modal fusion, and longitudinal cross-cultural validation to ensure fairness and robustness in real deployments.