Gartner: Nearly one-third of firms will use biometrics for mobile devices by 2016
To secure mobile devices without alienating users in a BYOD environment, 30 percent of firms will employ biometric authentication for mobile devices by 2016, predicts Gartner.
"Mobile users staunchly resist authentication methods that were tolerable on PCs and are still needed to bolster secure access on mobile devices. Security leaders must manage users' expectations and take into account the user experience without compromising security," says Ant Allan, research vice president at Gartner.
BYOD devices increasingly have access to and hold sensitive corporate data, yet users are reluctant to submit to the security measures used on PCs, such as complex passwords that are hard to type on mobile devices, says Gartner. Complex passwords are nonetheless needed to keep corporate data safe.
"An eight-digit numeric password will require hours to recover, and that will discourage casual hackers with toolkits. However, even a six-character lowercase alphanumeric password can provide billions of values. For most practical purposes, hackers are not prepared to pursue this large a set of combinations due to the relatively slow speeds involved in brute force attacks against smartphones and tablets," says John Girard, vice president and distinguished analyst at Gartner.
Biometric authentication offers a compromise between security and the burden of complex passwords on mobile devices. Options include fingerprint scanning, which is now available on the iPhone 5S, as well as voice recognition, facial recognition, and eye scanning. To ensure security for highly sensitive data, biometrics could be combined with passwords, Gartner notes.
In addition, for sensitive data residing on the mobile device, encryption should be used. "The best practice is to use encryption that is not tied to the primary power-on authentication, meaning the key cannot be recovered from the device after a soft wipe operation has been performed," says Girard.