Taking Mobile Authentication Mainstream

The online hub for the modern workforce is the mobile phone—making reliable, frictionless security critical. Without it, text messages, location data, contacts and any account information stored on the phone is at risk for theft and misuse. Moreover, the broader universe of enterprise applications accessed through the mobile device can be imperiled.

A recent study by Verizon shows that one in three organizations suffered data breaches linked to mobile devices, and these numbers are on the rise. Mobile phishing scams are common. Mobile devices are vulnerable to the same types of attacks as non-mobile devices—in addition to mobile-specific attacks such as malicious apps and rogue wireless hotspots.

The mobile devices are critical as both application host and authentication factor, assuring that the authorized person is the one attempting to gain access. Authentication is the most critical issue in cybersecurity. The need to secure mobile resources tops organizational to-do lists across every industry, public and private. The question is, can mobile security counter cybercrime schemes while simultaneously supporting the increasing sophistication of the features and apps offered on mobile devices themselves?

The Promise of Mobile Biometrics

Biometric authentication for mobile holds the dual promise of achieving unparalleled security and frictionless convenience. In fact, it's already with us in our daily lives. Mobile touch ID, face ID and SMS one-time passwords (OTPs) are already widely accepted (although NIST is deprecating OTPs).

Early adopters of mobile biometrics include the banking and finance industries, which have truly been transformed by these advances in technology. Customers are becoming comfortable with enrolling in biometric databases in exchange for efficiency in transactions, account logon, and other conveniences.

According to Goode Intelligence’s latest report, Biometrics for Banking: Market and Technology Analysis, Adoption Strategies and Forecasts 2018-2023, by 2020, over 586 million bank customers will be benefiting from cloud-based biometrics for a range of services. GDPR and increasing US privacy regulations are leading other highly regulated industries, including government, insurance, immigration, travel and healthcare to dive deeper into the biometric wave.

The Future of Mobile Authentication

Gartner predicts that by 2022, 70% of organizations that use biometric authentication for employee network access will implement it using smartphone apps—no matter the endpoint device. Lower costs, greater security and improved user experience/customer experience (UX/CX) are fueling this growth.

Many analysts predict that AI and machine learning will boost innovations, including the use of behavioral biometrics for mobile authentication. Behavioral biometrics go beyond inherent biometrics (i.e., fingerprints) to base authentication on more complex factors such as how users interact with their devices: for example, how they hold the phone or move fingers across the screen.

Balancing security, usability and privacy will remain a challenge. Mobile manufacturers and the authentication industry are continuously working to refine this delicate balance. Further, the industry is seeing smart businesses taking stronger precautions by following best practices related to encryption, passwords, testing and restricting access.

Ongoing advances in inherent and behavioral biometrics bode well for the improvement and adoption of next-level mobile authentication. Companies like HID Global are leading the charge with innovative mobile security solutions.

Get the latest blogs on identity and access management delivered straight to your inbox.

Jeff Carpenter is Director of Cloud Authentication at HID Global. In his 15+ years in cybersecurity, Jeff has held positions with several top-tier cybersecurity and technology companies, including Crossmatch and RSA, a Dell Technologies company. He holds both Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP) designations.