
Why mobile two-factor authentication is better than biometrics

Two-factor authentication may not be perfect, but nothing in security is, and it is certainly more secure than any single-factor method, including biometrics.

Teamed with physical security, integrity management, encryption and authorization, authentication is one of the key elements in any good security strategy.

Traditional authentication methods are based on a single element or factor. For example, I can say "my name is Craig." Yes, my name really is Craig, but how does someone know it's true? Because I say so? Obviously enterprise mobile security can't run on the honor system.

Every day, billions of transactions take place based on a single authentication factor -- typically, a password. Because IT often uses authentication to derive encryption keys, and because so many users work with mobile devices that are easily lost or stolen, single-factor authentication doesn't really make sense. Instead, mobile two-factor authentication is key.

Biometric authentication uses biological characteristics for authentication purposes. Fingerprint scanners have been in use for decades, and new smartphones such as the Samsung Galaxy Note7 use iris scanners. Because each of these characteristics is unique to a given individual, biometrics should be the perfect authentication factor.


Unfortunately, it is not. Despite the likelihood that these features differ on an individual basis, and the fact that they are more difficult to duplicate than other factors used in authentication such as passwords, biometrics is still not enough on its own.

It's possible for someone to fake a fingerprint, because people leave fingerprints everywhere. And facial recognition is great until a user grows a beard, shaves or otherwise changes his appearance. DNA would likely be the ideal biometric marker, but DNA scanners are complicated, expensive and time-consuming.

If biometrics isn't perfect, is anything?

Absolute security does not exist, and it likely never will. But two-factor or multifactor authentication, which requires users to identify themselves with something they have, plus something they know -- a physical device plus information stored in their biological memory, for example -- can improve security immensely.

The something the user has could indeed be biometric, or it could be a hardware token such as a personal handset. If the handset serves as a sufficient form of authentication, biometrics isn't necessary. Biometric data could serve as a third or even fourth factor in high-security situations, but it is certainly not required.

IT shops must remember that biometric authentication systems alone are inadequate as the sole basis for authentication. In fact, every single-factor authentication mechanism is similarly vulnerable. Ideally, vendors will realize two-factor authentication is the minimum, no matter how sophisticated each factor might be. As a result, it is best not to rely on fingerprint scanners alone. The same goes for the iris scanner in the Galaxy Note7.

Even with mobile two-factor authentication, bugs, operational errors and new threats appear with alarming regularity. IT must evaluate each element of any security strategy in terms of its effectiveness and potential vulnerabilities. The time is now to make two-factor authentication a priority.


This was last published in September 2016


What are the two most secure factors to use for mobile authentication?
Also, there are issues with privacy on biometrics; not everyone is fired up about it.

Code-based TFA like Google Auth and physical tokens also don't block phishing (i.e., what site are you typing those codes into... the real one or a faux one...).

We have a solution that uses mutual authentication to make all faster, easier and more secure; it's called CryptoPhoto.