Essential Guide

How to deal with Identity and access management systems


Discover the advancements and risks of mobile biometrics

As mobile biometrics technology becomes increasingly common, it is important for IT to know how to support this kind of authentication and the security vulnerabilities it may still bring.

In the James Bond thriller Skyfall, Bond's pistol won't fire unless he is holding it himself. No one can use his own weapon against him, because it detects Bond's DNA.

This biometric weapon has yet to hit the market, but the use of biological authentication is here. Mobile biometrics can protect smartphone and tablet users from harm with fingerprint, voice, face and eye recognition software.

With biometrics gradually taking over the mobile device market -- thanks to Apple's Touch ID -- it is important to know how mobile biometric authentication can fit into your environment. Properly securing stored data helps prevent bigger security issues down the road, such as identity theft. Learn the answers to questions about how biometrics affect businesses, the controversies surrounding their use and what the future of authentication looks like.

What is mobile biometrics and why is it important?

Gone are the days when a password alone will protect employees. Biometrics personalizes access by using an element of the user's biological uniqueness and comparing that to stored information in a back-end database, making it difficult for someone to duplicate. Mobile biometrics breaks down into four groups: fingerprint authentication, voice recognition, facial recognition and retinal scanning.

Fingerprint authentication uses an individual's saved scan of her fingerprint to unlock the device. In the last two years, most smartphones have followed Apple's example of using fingerprint authentication, with minor variations. A handful of smartphones offer retinal authentication, but that takes longer to grant access, making it less desirable. Android attempted mainstream use of facial recognition, but it can be duped simply by using a person's photograph. Vocal authentication is most often used at the application level on smartphones.

How is mobile biometrics changing business security?

Mobile biometrics can help IT provide mobile device security and improve efficiency. The added layer of protection is vital, and employees save time when biometric authentication is quicker than typing a PIN code.

With the rise of cloud servers in businesses, it is necessary to have more than just a username and password safeguarding corporate and personal data. Employees today have more remote access to their resources than ever, and without the in-person confirmation of personal recognition, a layer of security is lost. As the enterprise trends toward more employee freedom via mobile and cloud, businesses are forced to prove employees' identities in innovative ways.

Why is mobile biometrics controversial?

The benefits to security and efficiency, as well as the newness of the technology, have attracted IT professionals. Still, mobile biometrics comes with some concerns.

False rejections that deny legitimate users access to their devices are one problem. They occur when the scanner surface gets scratched or dirty, or when the user's appearance changes.

IT must also be aware of the ability to replicate certain biometrics. Mainstream facial recognition software can be unlocked with a picture of the user, a recording can get past most voice authentication, and fingerprints are vulnerable to criminals anywhere the user leaves them.

A concern that IT often overlooks is that once a mobile biometric has been compromised, the compromise is irrevocable. With a password breach, IT can often issue a new password through a series of backup authentications. With biometric authentication, IT cannot reset an employee's DNA, and must find a new authentication route, which is often difficult and time-consuming.

What are alternatives to mobile biometric authentication?

For companies that are not completely sold on biological authentication alone, there are many alternative security measures. One of the best practices in mobile security is two-factor or multifactor authentication. Most often, it combines something the user is -- such as a fingerprint or iris scan -- and something the user knows -- such as her first pet's name. IT can also provide employees with a hardware token, such as a unique USB drive, as a third or fourth authentication factor.

It is tempting to rely solely on mobile biometrics, due to its unique patterning and speed. For the strongest security, however, users and IT are better off with two-factor authentication.

This was last published in December 2016

Join the conversation

3 comments

What do you think will be the next advancement in mobile biometrics?
This is a good summary, but a couple of points could use further clarification.

First, regarding different types of biometrics, there are actually several forms of eye-based recognition in use today: iris, eye vein, retinal and periocular (a general term for a combination of different eye-region characteristics). Retinal recognition is the least common of these because it requires special hardware.

Second, you are absolutely correct that nearly any biometric can be copied. However, any serious biometric authentication solution offers some sort of liveness detection to prevent replay attacks.

Finally, the topic of revocable biometrics is of growing interest. While you cannot change a fingerprint or face, you can store the biometric data in a unique way (e.g. using cryptography and/or referencing it only via an anonymous identifier), such that the biometric data and/or its identifier can be revoked if necessary and the user allowed to enroll their biometrics again.
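The revocable-template idea raised in the comment above, sketched as an added example (not code from the article or the commenter): a seeded random projection in the style of BioHashing stands in for "storing the biometric data in a unique way". The 64-value feature vectors, noise level, template length and match threshold are constructed assumptions, not real fingerprint data.

```python
import random
import secrets

BITS = 256        # template length in bits (assumed)
THRESHOLD = 0.25  # largest fraction of differing bits still accepted (assumed)

def protect(features, seed):
    """Project features onto BITS seeded random directions and keep only the signs."""
    rng = random.Random(seed)
    bits = []
    for _ in range(BITS):
        direction = [rng.gauss(0.0, 1.0) for _ in features]
        dot = sum(d * f for d, f in zip(direction, features))
        bits.append(1 if dot >= 0 else 0)
    return bits

def distance(a, b):
    """Normalized Hamming distance between two protected templates."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def matches(template, sample_features, seed):
    """Protect a fresh sample with the enrollment seed and compare to the stored template."""
    return distance(template, protect(sample_features, seed)) <= THRESHOLD

def demo():
    sensor = random.Random(2016)  # fixed seed so the constructed samples are reproducible
    finger = [sensor.gauss(0, 1) for _ in range(64)]     # constructed "true" features
    rescan = [f + sensor.gauss(0, 0.2) for f in finger]  # same finger plus sensor noise
    stranger = [sensor.gauss(0, 1) for _ in range(64)]   # a different person

    seed_v1 = secrets.token_bytes(16)  # per-enrollment secret, stored apart from the template
    stored_v1 = protect(finger, seed_v1)
    results = {
        "genuine_accepted": matches(stored_v1, rescan, seed_v1),
        "stranger_rejected": not matches(stored_v1, stranger, seed_v1),
    }
    # Revocation: discard seed_v1 and stored_v1, then re-enroll the same finger under a new seed.
    seed_v2 = secrets.token_bytes(16)
    stored_v2 = protect(rescan, seed_v2)
    results["old_template_useless"] = distance(stored_v1, stored_v2) > THRESHOLD
    results["reenrolled_accepted"] = matches(stored_v2, finger, seed_v2)
    return results

if __name__ == "__main__":
    print(demo())
```

The protection depends on the seed staying secret and separate from the stored template; the sketch shows revocability only and does not address liveness detection.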
I generally agree that multi-factor authentication is where the industry needs to go. One quick question - which handsets, exactly, are able to do retina scanning?