Mobile Authentication vs. Biometrics
Biometrics and multi-factor authentication are two approaches to remotely accessing enterprise systems via mobile devices. Which is right for you?
By Henrik Jeberg, SMS PASSCODE
In today's business world, remote access to support a distributed workforce has become not only commonplace but imperative. Letting employees remotely access enterprise systems is integral to the way we work and is required to support workers in today's mobile environment.
However, with the increased ease of using remote access to conduct business comes an increased risk of identity theft.
Organizations are faced with the complexity of balancing the right mix of access protection and threats. They must constantly evaluate what is the right level of investment - and protection - for their business.
Central to all security is the concept of authentication - verifying that a user is who they claim to be. It is especially important for employees remotely accessing enterprise systems.
So what is the best approach to authentication?
One approach is biometric authentication, a system that relies on the unique biological characteristics (such as retina, voice, fingerprint, signature) of individuals to verify identity for secure access to electronic systems. Once the dream of sci-fi Hollywood movies, today biometrics is a reality.
The benefits of using biometrics for user authentication are evident. Whether it is a retina scan, a fingerprint or using your voice, the user always has their "password" with them and it is never forgotten.
For the most part, it is easy to use because it is on someone’s person and all they need to do is "show up." If your employees already have devices equipped with the appropriate biometric readers, it may be an affordable approach.
However, as with any technology, there are some downsides to using biometrics for authentication. One of those challenges is that you are introducing a high level of dependencies in your organization.
Implementing biometric authentication can prove expensive and inconvenient, as initial provisioning of users requires a tamper-proof process to link identity and biometric data. Additionally, workers may no longer be able to log in from devices other than their company-issued computer, as their private tablet or PC may not have the necessary biometric scanner.
And perhaps most important, biometric data can be stolen, leaving enterprises vulnerable to compromise. It has been shown that fingerprints can be easily replicated from items users touch, and smartphone photos can be manipulated and used to copy fingerprints. Most concerning is that there are dedicated organizations that provide step-by-step instructions on how to "lift" a fingerprint; it is as simple as securing the image and using software to create a fingerprint code.
Another approach is the use of adaptive multi-factor authentication (MFA) via the mobile device. To successfully protect an employee or consumer account from being accessed via identity theft schemes, organizations can use multiple factors: something you know (a user name/password), something you have (a mobile device), and even the specific session the user logs on from.
Some MFA technologies can use the network the user logs in from and even the country as a factor, allowing logins from certain users accessing from certain countries, which radically limits the hacker’s possibilities to compromise the system.
There are few dependencies with multi-factor authentication, as employees always carry their device with them. If they forget it, they can still authenticate by receiving a voice-call to a landline phone.
There is no painful enrollment process because modern MFA platforms provide seamless integration with Active Directory authentication servers, so users do not need to enroll manually. Also, with sophisticated MFA software no data is stored and, therefore, none is subject to possible threats.
A criticism of MFA is that there is still some level of dependency, with users relying on a modem or Web dispatch service to function and send codes. However, an advanced platform should provide automatic failover between these systems, making the dependency minimal.
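The adaptive flow described above (country and network as factors, a code tied to the login session, failover between delivery channels), sketched as an added example that is not from the original article or any vendor's product. The policy table, function names and channel callables are hypothetical, and letting a trusted network skip the code is a policy choice of this sketch.

```python
import hmac
import ipaddress
import secrets
import time

# Constructed policy: per-user allowed countries and trusted corporate networks.
POLICY = {
    "alice": {"countries": {"DK", "US"}, "trusted_nets": ["10.20.0.0/16"]},
}
CODE_TTL = 120          # seconds a one-time code stays valid
_pending = {}           # session_id -> (code, expiry); in-memory for the demo


def decide(user, password_ok, country, src_ip):
    """Return 'deny', 'allow' or 'challenge' for one login attempt."""
    rule = POLICY.get(user)
    if not password_ok or rule is None:
        return "deny"
    if country not in rule["countries"]:
        return "deny"                       # login from a non-permitted country
    addr = ipaddress.ip_address(src_ip)
    if any(addr in ipaddress.ip_network(n) for n in rule["trusted_nets"]):
        return "allow"                      # assumption: trusted network skips the code
    return "challenge"                      # unknown network: send a code


def issue_code(session_id, now=None):
    """Create a 6-digit code that is only valid for this login session."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    _pending[session_id] = (code, now + CODE_TTL)
    return code


def verify_code(session_id, submitted, now=None):
    """Single-use check: pop() discards the code after one attempt, right or wrong."""
    now = time.time() if now is None else now
    code, expiry = _pending.pop(session_id, (None, 0))
    return code is not None and now <= expiry and hmac.compare_digest(code, submitted)


def dispatch(code, channels):
    """Try each (name, send) channel in order; return the first name that works."""
    for name, send in channels:
        try:
            send(code)
            return name
        except OSError:
            continue                        # channel down: fail over to the next
    return None
```

Because the code is stored under the session identifier, a code intercepted or phished for one login cannot be submitted from a different session, and a used or expired code is rejected.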
These are two technologies IT professionals can consider when evaluating user authentication technologies. The key is making sure your company’s data is safe while reducing complexity and dependencies.
Henrik Jeberg is managing director at SMS Passcode. With over 20 years of experience in security and IT, Henrik is a technology business developer in the global IT sector, spanning from strategy to execution, and from idea to exit. Prior to SMS Passcode, Henrik was CIO, deputy director general for the Agency for Governmental Management within the Danish Ministry of Finance.