peshkova - Fotolia
It's either an awe-inspiring technological opportunity, or your worst nightmare: A computer with the ability to read people's thoughts. With growing interest in mobile biometrics -- where a device can use an individual's physical or physiological attributes to authenticate that person's identity -- that's where the market is headed.
Biometrics may scan a person's fingerprint, face, retina, ear and even DNA, using a sensor or camera. Either a complete image of the scan or a code-based representation of the image is stored in a database or locally on the device. When a user attempts to gain access to a biometrics-protected device or application, it rescans their physical attribute(s), and underlying software analyzes and compares it to the stored image data. If the software verifies the user's identity, it then grants the appropriate level of access.
This technology is becoming a more prevalent way to control access to mobile devices, thanks primarily to the popularity of Apple's Touch ID fingerprint sensor on the iPhone and iPad. Eventually, we could even see biometrics able to identify people by their brain waves. Since as early as 2013, researchers have been studying a way to record brain signals using an electroencephalogram, a monitoring test historically used to diagnose epilepsy, tumors and other disorders.
Smartphones, tablets and laptops are inherently more portable than desktop PCs, making them more liable to be lost or stolen, and therefore susceptible to corporate data loss. So for IT departments managing employees' personal or corporate-owned mobile devices, biometric authentication can greatly improve security. Passwords and numeric PINs can be easy to guess, but it's highly unlikely a hacker or other unauthorized user could access or replicate a person's unique fingerprint.
Still, biometric data isn't 100% secure. Just last year, 5.6 million federal employees' fingerprint images were stolen. Many biometric technologies transfer images over a network and store them in databases, both of which are potential attack surfaces. Encryption can make that process more secure, and IT admins should make sure database servers are regularly patched. To more easily manage biometric data, IT can also integrate its storage with existing directories such as Active Directory and the Lightweight Directory Access Protocol.
Other variables also reveal mobile biometrics' weak spots. Scanner hardware can malfunction if it gets smudged or scratched. Recognition software has yet to mature, so it can misread an image and block access to the authorized user, for instance.
Vendors that offer biometric analysis software, scanner hardware and industry-specific authentication suites include M2SYS Technology, Bio-Key, Animetrics, Visidon, ImageWare Software, plus larger tech vendors such as Samsung and Fujitsu. Fingerprint authentication will make up the large part of mobile biometrics for now, particularly on smartphones, according to Juniper Research. But the market is slowly maturing beyond that. Touch ID is only a couple years old, so it's sure to see advancements in the coming years. Android offers some app-level biometrics, and users can download biometric authentication apps such as AppLock to implement face- or voice-recognition features.
Annual revenue from mobile biometrics will jump from $1.6 billion in 2014 to $34.6 billion in 2020, according to a June 2015 Acuity Market Intelligence report. As the next decade nears, and if mobile biometrics vendors can work out some functionality kinks, more IT shops will surely consider biometric authentication as a way to lock down employees' mobile devices.
This article originally appeared in the February issue of the Modern Mobility e-zine.
Learn how Apple Touch ID works to provide multifactor authentication.
Biometric authentication is going to take off.
Take this quiz to test your biometrics knowledge.
- Discover the Risks and Rewards Behind a Mobile Workforce –SearchSecurity.com
- Top 5 Enterprise Mobile Security Issues –SearchSecurity.com
- Essential Enterprise Mobile Security Controls –SearchSecurity.com
- Mobile security moving to a unified approach –ComputerWeekly.com