Mobile will save security by replacing passwords with biometrics

We're in a dark age for computer security, but the rise of mobile and wearable devices with built-in biometrics could save us.

Let's be honest: computer security is broken. You know it, I know it, we all know it. Post-Snowden, consumers and non-US companies are afraid for their data. Post-Target breach, corporations are more terrified of hackers than ever.

While no system is perfect, and all will be prone to human error, there is a distinct sense that something needs to change.

What's more, in many enterprises, paranoid CIOs have paradoxically weakened security. The requirement of eleven different passwords, each eighteen letters long and containing a small letter, a big one, an asterisk, and the blood of a virgin, means employees just write their passwords down on post-it notes and leave them lying around. Systems that can't be easily accessed remotely mean workers share documents on Dropbox, where -- for instance -- former employees can still have access to sensitive documents. And so on.

Again, there is no silver bullet, and no system will ever be perfect. But one trend that I think will arise in enterprise security is biometrics.

Biometrics has always had a big sci-fi-like promise in making security work. It's not a good movie if it doesn't have someone in uniform submitting to a fingerprint, or retina, or voice, or blood sample scan to have access to some high-security bunker. And Apple's Touch ID system has for the first time shown that it's possible to have fingerprint identification that's actually easy to use, inexpensive, and reasonably secure.

Since this is an area where players like Apple and Samsung are ahead of the pack, look for biometrics to increase the consumerization of tech in the enterprise. Even the most recalcitrant CIOs will finally accept that properly-set-up iPhones with the right software can be as secure as corporate-issued BlackBerries.

There are other exciting potential applications of biometrics for security. For example, a startup named Bionym makes a bracelet called Nymi that measures your cardiac rhythm through your wrist to identify you. Only when you are wearing the bracelet (and it's you) can you log in. For security-scared CIOs -- that is to say, CIOs -- this may prove irresistible.

The combination of wearables and biometrics is attractive because, unlike a password, biometrics are only ever attached to one specific person. Wearables, being wearable, are harder to forget or misplace, at least in theory. And biometric signatures are (much) harder to fake, although of course nothing is impossible.

It's important to stress that there are no silver bullets and that no system will ever be 100% secure. But the combination of a real felt need for tighter security, increasingly security-minded CIOs, and the improving technology of biometrics makes this an important future trend for enterprise mobile computing.


Stories by Pascal-Emmanuel Gobry
