This week’s news that the iPhone 5s will come equipped with a fingerprint sensor has refreshed the debate surrounding the role of biometric technology as a means of authentication.
Richard Moulds, VP Product Strategy, Thales e-Security, discusses the impact this development will have on both personal and enterprise security and what it will mean for the future of authentication.
“The introduction of biometrics to secure access to smart phones raises the bar for personal security. This might finally start to spell the end of the password. The potential exists to not only protect access to the phone and the apps directly associated with it, but also to open up the prospect of strong authentication to a plethora of third-party services accessed from the phone, such as home banking and ecommerce.
The potential for strong authentication for free could also have a real impact for corporate users who have relied on dedicated authentication tokens for years. In the context of BYOD, the phone might be a corporate ally rather than a threat. The big question is how open this new capability will be. One thing we have learned in the context of smartphones is that commoditisation happens really quickly – there’s a short window between innovation and widespread, cross-platform availability. Biometric authentication doesn’t necessarily commoditise quite as easily as hi-res cameras and voice recognition – but it could, and if it does, we will all benefit.
However, before we all get too excited, security is about swords and shields – bigger shields lead to bigger swords, and it’s a constant battle to deal with the weakest links in a security system. Authentication has already started to lose its reputation as being one of the weakest links in the data protection landscape as a result of a huge investment in behavioural analytics and risk-based authorisation. Just maybe, phone-based biometrics might finally move it out of the security spotlight – but that spotlight doesn’t get turned off, it will just move somewhere else – what will the next weakest link be? Guarding user access to applications is one thing, but ensuring the integrity of those applications and the confidentiality of the data they depend on is not a simple task, and technologies such as cryptography and key management will play a vital role.”