Mobile devices and mobile apps are built around two basic tenets: speed and simplicity. The average person cherishes their smartphone, using it almost one hundred times a day and completing most transactions in only a few seconds. Bring Your Own Device (BYOD) programmes attempt to convert this mobile love affair into enterprise productivity, but your enterprise security may be standing in the way.
Authentication is the most egregious offense of enterprise security. We’re required to stop and enter a password whether we’re in our home or halfway around the world. While other security functions have become completely transparent to the end-user, the current technology used to validate user identity remains completely disruptive and comically old-fashioned.
The problem with passwords
Everyone knows a password’s strength is derived from its complexity, so why are there so many bad passwords? It’s a usability problem. Our fingers aren’t getting smaller, but our keyboards have been miniaturised and require multiple taps to access numbers or special characters. As a result, mobile users choose easy-to-type passwords, knowingly trading security risk for greater usability.
Enforcing password complexity simply discourages users from opening BYOD programmes and entrenches security as the enemy of productivity. However, with smartphones susceptible to a wide range of attacks - from hackers to muggers - enforcing security controls that inherently undermine the BYOD proposition of fast and easy access is the only option.
Traditional biometrics presents users with a similar aggravation - swiping a finger multiple times only to be asked for a passcode anyway. Besides, not many enterprises are willing to entrust their data security to a piece of consumer-grade hardware that can be fooled with a photograph or a gummy bear.
Complex security is turning users into adversaries who try to game frustrating, productivity-sapping security controls.
Behavioural biometrics: Simpler, faster, stronger
A complex password can be almost impossible to break but with increasing complexity comes decreasing usability. With behavioural biometrics there is no such correlation.
Behavioural biometrics uses sensors already in your mobile device to collect data about the way you walk, hold your phone, where you go, what’s around you, and when you perform certain activities. That trusted baseline can help an app decide whether the current operator is in fact you and, if it is, whether it’s safe to execute in the current environment.
The aggregate of environmental and behavioural data points creates entropy so large that a hacker would have to conduct vigilant and continuous surveillance to have even a tiny chance at faking your unique behaviour. As for an electronic attack like brute force – it would be patently absurd.
BYOD productivity and mobile security
By moving complexity from the user to the authentication engine, you don’t have to worry about users undermining the security of your BYOD app because they’re not being asked to do anything they wouldn’t already be doing. No password, no tokens, no finger swipes. No disruption.
The value of any BYOD programme is the ability to provide users with fast and convenient access. Embracing mobility means leaving the password behind and pursuing a future where security isn’t the enemy of productivity but an integral part of it.
Troy Frost and Nic Harris at Sentegrity