Technology does not disrupt business – CIO day 2014 Roundup

02 December '14 | Anshuman Singh

Apple Pay – The Best Is Yet To Come

02 December '14 | Indy Sawhney

Digital transformation is a business transformation enabled by technology

01 December '14 | Amit Varma

3 Stages of FATCA Testing and Quality Assurance

06 October '14 | Raman Suprajarama

3 Reasons why Apple Pay could dominate the payments space

18 September '14 | Gaurav Johri

Beacon of Hope: Serving Growth and Customer Satisfaction

05 August '14 | Debjyoti Paul

The Dos and Don’ts of Emerging Technologies Like iBeacon

30 July '14 | Debjyoti Paul

What You Sold Us On – eCommerce Award Finalist Selections

17 July '14 | Anshuman Singh

3 Steps to Getting Started with Microsoft Azure Cloud Services

04 June '14 | Koushik Ramani

8 Steps to Building a Successful Self Service Portal

03 June '14 | Giridhar LV

Innovation outsourced – a myth or a mirage or a truth staring at us?

13 January '14 | Ramesh Hosahalli

What does a mobile user want?

03 January '14 | Gopikrishna Aravindan

Implementing Biometrics: The way to mobile authentication?

Posted on: 11 July '13

Touch phones and tablets have grown in the past few years and are moving in the direction of becoming the digital version of oneself. The risk involved with the usage of a smartphone in terms of security and authenticity has also considerably increased in the past few years. Almost all high risk transactions like banking have a layer of password security embedded in them. But is this first layer of security enough? As mobile phones have moved forward in the direction of personalization, the question “can biometrics be added as a second layer of security?” lingers in the mind of every mobile app creator. This is basically trying to employ two-factor authentication in mobiles.

Two-factor authentication is an approach to authentication, with a combination of two of the possible three factors. The factors are a knowledge factor (something you know), possession factor (something you have) and an inherence factor (something you are). Employment of one-time passwords, use of tokens, registered phone/sim cards are examples of two-factor authentication. A Fingerprint or an iris scan (biometric) is the inherence factor and poses a huge advantage in terms of being unique.

While passwords or one time tokens can be hacked or stolen, the same does not apply to biometrics. Social engineering a Facebook/ Google account, which has been very prevalent these days, does not affect biometrics as well. Authenticating a user also becomes very simple and a user claim that the transaction has been duplicated by an imposter would be virtually non-existent. Owing to the above advantages, popular mobile vendor apple has recently patented their biometric sensor technology in the hope of providing additional security to unlock the phone itself. Following suit in the mobile industry could be other providers such as Samsung, Google, etc.

Despite its advantages, implementing biometrics also poses a few major drawbacks apart from the huge cost involved in maintaining a database of the people’s records. Spoofing (the process to overcome a system using a fake sample) and Certainty (Biometrics never give 100% certainty, level of accuracy is low and can make the wrong associations between individuals’ biometric data and their ID documents or data) are among the top two drawbacks of biometrics. One other major drawback of employing biometrics is that, if the biometric information is stolen or compromised, then a user has no option of changing the same as in the case of passwords.

Even though the advantages might someday outweigh the disadvantages, biometrics on a mobile device is yet to be proven. It is dogged with multiple problems including usability, availability of data for registration and either poor recognition. While it will provide incremental security, any mobile app developer or vendor must do a proof of concept and validate before committing money on it.

What are your thoughts? Please feel free to add comments.