Touch phones and tablets have grown in use over the past few years and are moving toward becoming the digital version of oneself. The risk involved in using a smartphone, in terms of security and authenticity, has also increased considerably in that time. Almost all high-risk transactions, such as banking, have a layer of password security embedded in them. But is this first layer of security enough? As mobile phones have moved in the direction of personalization, the question “can biometrics be added as a second layer of security?” lingers in the mind of every mobile app creator. This is basically an attempt to employ two-factor authentication on mobiles.
Two-factor authentication is an approach to authentication that combines two of the three possible factors. The factors are a knowledge factor (something you know), a possession factor (something you have) and an inherence factor (something you are). One-time passwords, tokens and registered phones/SIM cards are examples of two-factor authentication. A fingerprint or an iris scan (biometric) is the inherence factor and has the huge advantage of being unique.
While passwords or one-time tokens can be hacked or stolen, the same does not apply to biometrics. Social engineering of a Facebook/Google account, which has become very prevalent these days, does not affect biometrics either. Authenticating a user also becomes very simple, and user claims that a transaction was duplicated by an imposter would be virtually non-existent. Owing to the above advantages, the popular mobile vendor Apple has recently patented its biometric sensor technology in the hope of providing additional security to unlock the phone itself. Other providers in the mobile industry, such as Samsung, Google, etc., could follow suit.
Despite its advantages, implementing biometrics also has a few major drawbacks apart from the huge cost involved in maintaining a database of people’s records. Spoofing (overcoming a system by using a fake sample) and certainty (biometrics never give 100% certainty; the level of accuracy is low, and the system can make wrong associations between individuals’ biometric data and their ID documents or data) are the top two drawbacks of biometrics. One other major drawback of employing biometrics is that if the biometric information is stolen or compromised, the user has no option of changing it, as they would with a password.
Even though the advantages might someday outweigh the disadvantages, biometrics on a mobile device is yet to be proven. It is dogged by multiple problems, including usability, availability of data for registration and poor recognition. While it will provide incremental security, any mobile app developer or vendor must do a proof of concept and validate it before committing money to it.
What are your thoughts? Please feel free to add comments.