Two-factor authentication: Mobile security at your fingertips

Farpoint Group has for a very long time now advocated the use of two-factor authentication in all mobile IT applications (and, for that matter, in all fixed applications as well). Authentication is the proving of a user's identity to the device, data, network, and applications desired, and, ideally, those resources proving they are authentic as well, this being known as mutual authentication. Two-factor authentication involves, well, two factors -- typically something you know, like a password or personal identity number (PIN) code, and something you have, like a hardware token that might be a synchronized password generator or a USB device or smartcard. The two-factor approach is a little more complex than those implementations using just one -- but it's a lot more secure. And a good authentication technique can be used to drive a good encryption implementation as well, so two-factor authentication serves as the basis of a complete security solution -- again, mobile or not.

The second factor can, however, also be something you are -- welcome to a very practical application of biometrics. And the most accessible and reliable biometric element is -- you guessed it -- the fingerprint. Fingerprints, of course, are best known as that staple of crime labs and many criminal forensic investigations, but the rise of small, inexpensive and accurate fingerprint scanners that integrate easily into handsets and similar devices opens a door to a very simple two-factor authentication solution. Swipe a finger and you have easy access to devices, data, networks, IT resources, and data, with authentication and encryption all driven by that simple act. I don't think a security solution can get more convenient -- nothing else to buy and nothing to lose -- and ...

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Mobile Security Mobile security threats Securing your Windows Mobile devices In-the-cloud defenses for mobile malware On-device defenses for mobile malware Is malware coming to a smartphone near you? Protecting data on your BlackBerry Defining your mobile security policy Government regulations and mobile security policies Symbian: Protect your data, not just your device Mobile security policies: Why a policy is important Mobile Authentication and Encryption Sybase offers enterprise-ready iPhone solution on the App Store RIM makes hostile takeover bid for encryption vendor Certicom In-the-cloud defenses for mobile malware Podcast: The truth about network security and mobile device access iPhone encryption is a must for the security-conscious enterprise Sybase iAnywhere launches productivity suite that tunnels critical business apps through email Mobile voice encryption gets cheaper, easier to do Avoiding data breaches through mobile encryption Mobile device security: Improving mobile authentication Mobile management: Advice for mobile managers Mobile Authentication and Encryption Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary CCMP  (SearchMobileComputing.com) drive-by spamming  (SearchMobileComputing.com) LEAP (Lightweight Extensible Authentication Protocol)  (SearchMobileComputing.com) Open System Authentication (OSA)  (SearchMobileComputing.com) SIM card  (SearchMobileComputing.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

it gets even more flexible than that.

After all, almost everyone has 10 fingers, meaning that 10 different "commands" can literally be right at one's fingertips. You might use one to access the device (with perhaps no PIN code required); another to initiate a particular transaction, such as accessing a banking or financial service; and a third to send an email or IM. The fingerprint sensor itself can be coupled with device navigation functions, and haptics (force feedback, such as vibration) can also be coupled in to complete a very robust user interface indeed. By the way, standards do exist in this space, meaning that solutions are easy to develop and are, to a great degree, portable.

Fingerprint scanners have already been integrated into a good number of handsets, but many of these are available only internationally at present. I think, though, that the ever-growing emphasis on mobile and wireless security will continue to build demand for effective, convenient mobile security solutions, and that's precisely what's enabled via fingerprint recognition. I expect, in fact, that fingerprint recognition may very well become the most popular security (and beyond, as I noted above) solution for mobile devices of all forms.

You can read much more about this in Farpoint Group's latest research paper, The Broad Reach of Biometrics: Fingerprint Recognition and Mobile Security. And think about this: If we couple a fingerprint, a particular handset, and a PIN code or password as required elements for access, we actually have, cheaply and conveniently, three-factor authentication. I think you'd be hard-pressed to find greater security even in government applications. So although there will never be such a thing as absolute security, fingerprint recognition is the key to really effective security for essentially all mobile applications, now and in the future.

About the author: Craig Mathias is a principal with Farpoint Group, an advisory firm based in Ashland, Mass., specializing in wireless networking and mobile computing. The firm works with manufacturers, enterprises, carriers, government, and the financial community on all aspects of wireless and mobile. He can be reached at craig@farpointgroup.com.

Rate this Tip To rate tips, you must be a member of SearchMobileComputing.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.