Evolving cybersecurity threats and the related concerns regarding data security and privacy are driving enterprises to seek more reliable tools for identity management and access control. The current move toward passwordless authentication requires innovative access solutions, and mobile biometrics is emerging as one potential option to address the vulnerabilities associated with traditional login methods.
In 2018, only 5 percent of enterprises relying on biometrics as part of their security protocols used mobile applications, but Gartner predicts this figure could jump to 70 percent by 2022. Biometrics is already a main feature on many mobile devices, such as smartphones, laptops, tablets and wearables, and it has become a normal part of everyday life for the millions of people using these devices.
This increasing ubiquity of biometric authentication using a range of different identification methods makes mobile biometrics more accessible in the workplace. As enterprises search for ways to improve security, mobile devices present themselves as familiar platforms on which to deploy alternative identity management solutions.
Mobile Biometrics Solutions
Today’s mobile devices come equipped with technologies either already suited for biometric identification or with potential applications for use as authentication tools. With these technologies on board, a mobile device can become part of a user’s identity and serve as a login point or as part of a series of identifiers in a multi-factor authentication (MFA) protocol.
When incorporated into existing MFA strategies, mobile biometrics may make use of the fingerprint scanning, retina scanning or facial recognition technologies many manufacturers build into their devices. Users requesting access to an application or system may receive a push notification requiring them to complete the login process by inputting a previously authenticated biometric identifier into their devices. Each user's unique identifier is stored on his or her own device rather than in the kind of central database enterprises typically use for storing passwords.
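The push-approval flow described above, as an added example that is not part of the original article or any vendor's SDK: the device releases a signing key only after a local biometric match, and the server checks a single-use, time-limited challenge without ever holding biometric data. The class names, the 60-second lifetime and the use of HMAC in place of a hardware-backed asymmetric key pair are assumptions made to keep the example within the Python standard library.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds a push challenge stays valid (assumed value)

class Device:
    """Phone side: the biometric template and the signing key stay on the device."""
    def __init__(self, enrolled_template: bytes):
        self._template_hash = hashlib.sha256(enrolled_template).digest()
        self.key = secrets.token_bytes(32)  # shared with the server once, at enrollment

    def approve(self, challenge: bytes, scan: bytes):
        # Local match gates the key. Real matchers are fuzzy; exact compare is a stand-in.
        if not hmac.compare_digest(hashlib.sha256(scan).digest(), self._template_hash):
            return None
        return hmac.new(self.key, challenge, hashlib.sha256).digest()

class Server:
    """Relying party: stores a per-device verification key and no biometric data."""
    # Assumption: HMAC stands in for a hardware-backed asymmetric key pair.
    def __init__(self):
        self.device_keys = {}  # device_id -> verification key
        self.pending = {}      # device_id -> (challenge, expiry time)

    def enroll(self, device_id, key):
        self.device_keys[device_id] = key

    def revoke(self, device_id):
        # Lost or stolen device: drop its key and any challenge still in flight.
        self.device_keys.pop(device_id, None)
        self.pending.pop(device_id, None)

    def push_challenge(self, device_id, now=None):
        if device_id not in self.device_keys:
            return None
        now = time.time() if now is None else now
        challenge = secrets.token_bytes(32)
        self.pending[device_id] = (challenge, now + CHALLENGE_TTL)
        return challenge

    def verify(self, device_id, response, now=None):
        now = time.time() if now is None else now
        challenge, expiry = self.pending.pop(device_id, (None, 0))  # single use
        key = self.device_keys.get(device_id)
        if challenge is None or key is None or response is None or now > expiry:
            return False
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)
```

Calling `revoke` for a lost or stolen phone removes its key on the server, so later approvals from that device fail regardless of what happens to the biometric check on the handset.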
To implement mobile biometrics, enterprises must partner with providers offering software development kits (SDKs) with the flexibility to incorporate a variety of biometrics options across platforms. These scalable solutions ensure every user, be it an employee or a customer, can access necessary resources regardless of device type or operating system.
Is Mobile Authentication the Answer?
Biometric identification and authentication methods available through mobile applications are often cheaper than traditional biometrics and therefore more accessible to businesses. Updating security protocols can put a strain on budgets even at the enterprise level, but since mobile biometrics rely on the devices employees and customers already own, there’s no need to invest in additional hardware prior to implementation. Mobile biometrics applications can be tailored to match the unique use cases of each enterprise and custom-built to individualized specifications.
Biometrics tend to be faster than other authentication methods, creating a better user experience across the board. Instead of entering a series of passwords or struggling to recall answers to security questions, employees and customers are able to gain access using an identifier they can’t lose or forget. For the growing number of mobile employees at the enterprise level, the use of biometrics simplifies network access from any location while preserving the security of sensitive corporate data.
Challenges of Implementation
When mobile devices are incorporated as part of users’ identities, each device becomes a potential gateway into the enterprise network with which users are associated. Unlike traditional biometrics housed on company premises, mobile devices can be lost or stolen when traveling outside the physical location of the network.
An identity component in the wrong hands has the potential to undermine access control measures and allow hackers to infiltrate the network undetected. Gartner warns that the easy accessibility that makes mobile biometrics so attractive may also increase susceptibility to spoofing, and that additional features like “liveness testing” are required to minimize the risk of unauthorized access.
Integration also poses a challenge to enterprises in which workflows include applications with incompatible authentication protocols or where legacy systems are still widely used. A mobile biometrics solution capable of working with a network of diverse on-premises and cloud-based applications is necessary for creating a streamlined user experience.
Finally, because decentralized credential storage places user credentials on devices, concerns shift from a centralized database within an enterprise network to the security of hundreds or even thousands of individual endpoints. Biometric authentication must be designed to adapt and respond to risk levels associated with this change and backed by secure, reliable data transfer methods incorporating end-to-end encryption for the highest level of security.
Although more enterprises are adopting biometrics to address the challenges associated with identity management and access control in the current cybersecurity landscape, mobile solutions still present their fair share of challenges. Enterprises must examine the use cases for which mobile biometrics are being considered, evaluate the costs and benefits and investigate what solutions are available before moving ahead with implementation.