Today, mobile devices are built for convenience first with security as an afterthought. In 2014, security will become the new frontier for personal computing. The widespread adoption of bring-your-own-device (BYOD) has made mobile device security a major topic within the enterprise. The main conversation pertaining to the use of smartphones is the vast amounts of easy to access data with very little or no authentication needed. According to a study by Flurry Analytics, over 30 percent of device owners choose not to use a pin or lock screen, and those who do lock their device often use a four-digit pin or swipe password. The survey analyzed over one million users of Webroot's mobile security app. Both are many times easier to bypass than traditional passwords that require eight characters or more.
App developers are still focusing on convenience where authentication is required. Designed for comfort, apps are easy to use once installed by users and authentication is required upon initial install, but never thereafter. Clearly, this has many IT security professionals concerned. So how can the security for mobile devices improve? First, it is important to remember that for security to be effective, it cannot get in the way of normal functionality of the device. The same study also found that even a simple device password is too much for one-third of mobile device users. The solution for these types of devices lies in biometric authentication. Large companies like Google and Apple have made advancements in this area with both facial recognition and fingerprint scanning, but these two techniques still have a long way to go in providing strong, application-level authentication.
My prediction for the future of biometrics is that the use of two-factor authentication along with advancements in 3-D camera and facial recognition technology will come together as one. For this to happen, the OS operating device needs to have native support for such features so app developers can include these as new forms of application-level authentication. I also strongly believe that new advancements in 3-D camera technology will allow for very accurate and strong authentication, especially when combined with a second factor, something like a user's fingerprint, voice recognition or heartbeat. The year of 2014 should deliver big advancements in the mobile device space with biometrics and application-level authentication a major factor. The key to a successful solution would be to provide an effective security service without getting in the way of using the device. Or in other words, security with transparency.