Discover the advancements and risks of mobile biometrics

As mobile biometrics technology becomes increasingly common, it is important for IT to know how to support this kind of authentication and the security vulnerabilities it may still bring.

In the James Bond thriller Skyfall, Bond's pistol won't fire unless he is holding it himself. No one can use his own weapon against him, because it detects Bond's DNA.

This biometric weapon has yet to hit the market, but the use of biological authentication is here. Mobile biometrics can protect smartphone and tablet users from harm with fingerprint, voice, face and eye recognition software.

With biometric authentication gradually taking over the mobile device market -- thanks to Apple's Touch ID -- it is important to know how it can fit into your environment. Properly securing stored data helps prevent bigger security issues down the road that can lead to things like identity theft. Learn the answers to questions about how biometrics affect businesses, the controversies surrounding their use and what the future of authentication looks like.

What is mobile biometrics and why is it important?

Gone are the days when a password alone will protect employees. Biometrics personalizes access by using an element of the user's biological uniqueness and comparing that to stored information in a back-end database, making it difficult for someone to duplicate. Mobile biometrics breaks down into four groups: Fingerprint authentication, voice recognition, facial recognition and retinal scanning.

Fingerprint authentication uses an individual's saved scan of her fingerprint to unlock the device. In the last two years, most smartphones have followed Apple's example of using fingerprint authentication, with minor variations. A handful of smartphones offer retinal authentication, but that takes longer to grant access, making it less desirable. Android attempted mainstream use of facial recognition, but it is duped simply by using a person's photograph. Vocal authentication is most often used on the application level on smartphones.

How is mobile biometrics changing business security?

Mobile biometrics can help IT provide mobile device security and improve efficiency. The added layer of protection is vital, and employees save time when biometric authentication is quicker than typing a PIN code.

With the rise of cloud servers in businesses, it is necessary to have more than just a username and password safeguarding corporate and personal data. Employees today have more remote access to their resources than ever, and without the in-person confirmation of personal recognition, a layer of security is lost. As the enterprise trends toward more employee freedom via mobile and cloud, this forces businesses to prove employees' identities in innovative ways.

Why is mobile biometrics controversial?

The benefits to security and efficiency, as well as the newness of the technology, have attracted IT professionals. Still, mobile biometrics comes with some concerns.

False error rates that deny legitimate users access to their devices are one problem. This occurs when the scanner surface gets scratched or becomes dirty, or when the user's appearance changes.

IT must also be aware of the ability to replicate certain biometrics. Mainstream facial recognition software can unlock devices using a picture of the user, a recording can get past most voice authentication and fingerprints are vulnerable to criminals anywhere the user leaves them.

A concern that IT often overlooks is that once a mobile biometric has been compromised, it is irrevocable. With a password breach, IT can often set a new password through a series of backup authentications. With biometric authentication, IT cannot reset an employee's DNA, and must find a new authentication route, which is often difficult and time-consuming.

What are alternatives to mobile biometric authentication?

For companies that are not completely sold on biological authentication alone, there are many alternative security measures. One of the best practices in mobile security is two-factor or multifactor authentication. Most often, it combines something the user is -- such as a fingerprint or iris scan -- and something the user knows -- such as her first pet's name. IT can also provide employees with a hardware token, such as a unique USB drive, as a third or fourth authentication factor.

It is tempting to rely solely on mobile biometrics, due to its unique patterning and speed. For the strongest security, however, users and IT are better off with two-factor authentication.
