Creative Options for Better Authentication of Mobile Phone Users


If you think your mobile phone is already deeply embedded in your life, consider the critical role it will have in just a few years. As the importance and sensitivity of the data handled by mobile phones increase, so do the repercussions of the devices falling into unauthorized hands. Manufacturers and app developers will need to implement creative ways of authenticating legitimate phone users without relying on awkward passwords and PINs.

Here are a few creative options for determining whether an authorized person is using the phone:

Authentication factors above might not work on their own, but they could be combined with each other to reach the right balance between false positives and false negatives.

For additional context, the authentication decision could account for the expected bio-pattern of the legitimate user, such as the heart rate range that could be obtained using activity trackers that integrate with phones, such as FuelBand, Fitbit or UP. The phone could also pay attention to the user's breathing patterns, in the style of the Breathing Zone iPhone App.The decision could also incorporate the person's expected physical location and activities (i.e. jogging); for an example of the phone can "predict" the user's activities see the Google Now app.

Innovative authentication options are gradually becoming available for mobile phones. More will come to light over the next few years. In the next decade, we'll see authentication mechanisms that effortlessly tie the bio-measured identity and  context with the phone's hardware and software functions. In some ways, it will be hard to distinguish between the mobile device and its user.

For a follow up to this post, take a look at Beyond Logins: Continuous and Seamless User Authentication.


About the Author

I transform ideas into successful outcomes, building on my 25 years of experience in cybersecurity. As the CISO at Axonius, I lead the security program to earn customers' trust. I'm also a Faculty Fellow at SANS Institute, where I author and deliver training for incident responders. The diversity of cybersecurity roles I've held over the years and the accumulated expertise, allow me to create practical solutions that drive business growth.

Learn more