Mobile will save security by replacing passwords with biometrics
- 15 August, 2014 01:53
Let's be honest: computer security is broken. You know it, I know it, we all know it. Post-Snowden, consumers and non-US companies are afraid for their data. Post-Target breach, corporations are more terrified of hackers than ever.
While no system is perfect, and all will be prone to human error, there is a distinct sense that something needs to change.
What's more, in many enterprises, paranoid CIOs have paradoxically weakened security. The requirement of eleven different passwords, each eighteen letters long and containing a small letter, a big one, an asterisk, and the blood of a virgin, means employees just write their passwords down on post-it notes and leave them lying around. Systems that can't be easily accessed remotely mean workers share documents on Dropbox, where -- for instance -- former employees can still have access to sensitive documents. And so on.
Again, there is no silver bullet, and no system will ever be perfect. But one trend that I think will arise in enterprise security is biometrics.
Biometrics has always had a big sci-fi-like promise in making security work. It's not a good movie if it doesn't have someone in uniform submitting to a fingerprint, or retina, or voice, or blood sample scan to have access to some high-security bunker. And Apple's Touch ID system has for the first time shown that it's possible to have fingerprint identification that's actually easy to use, inexpensive, and reasonably secure.
Since this is an area where players like Apple and Samsung are ahead of the pack, look for biometrics to increase the consumerization of tech in the enterprise. Even the most recalcitrant CIOs will finally accept that properly-set-up iPhones with the right software can be as secure as corporate-issued BlackBerries.
There are other exciting potential applications of biometrics for security. For example, a startup named Bionym makes a bracelet called Nymi that measures your cardiac rhythm through your wrist to identify you. Only when you are wearing the bracelet (and it's you) can you log in. For security-scared CIOs -- that is to say, CIOs -- this may prove irresistible.
The combination of wearables and biometrics is attractive because, unlike a password, biometrics are only ever attached to one specific person. Wearables, being wearable, are harder to forget or misplace, at least in theory. And biometric signatures are (much) harder to fake, although of course nothing is impossible.
It's important to stress that there are no silver bullets and that no system will ever be 100% secure. But the combination of a real felt need for tighter security, increasingly security-minded CIOs, and the improving technology of biometrics makes this an important future trend for enterprise mobile computing.