Creative Options for Better Authentication of Mobile Phone Users

image

If you think your mobile phone is already deeply embedded in your life, consider the critical role it will have in just a few years. As the importance and sensitivity of the data handled by mobile phones increase, so do the repercussions of the devices falling into unauthorized hands. Manufacturers and app developers will need to implement creative ways of authenticating legitimate phone users without relying on awkward passwords and PINs.

Here are a few creative options for determining whether an authorized person is using the phone:

Authentication factors above might not work on their own, but they could be combined with each other to reach the right balance between false positives and false negatives.

For additional context, the authentication decision could account for the expected bio-pattern of the legitimate user, such as the heart rate range that could be obtained using activity trackers that integrate with phones, such as FuelBand, Fitbit or UP. The phone could also pay attention to the user’s breathing patterns, in the style of the Breathing Zone iPhone App.The decision could also incorporate the person’s expected physical location and activities (i.e. jogging); for an example of the phone can “predict” the user’s activities see the Google Now app.

Innovative authentication options are gradually becoming available for mobile phones. More will come to light over the next few years. In the next decade, we’ll see authentication mechanisms that effortlessly tie the bio-measured identity and  context with the phone’s hardware and software functions. In some ways, it will be hard to distinguish between the mobile device and its user.

For a follow up to this post, take a look at Beyond Logins: Continuous and Seamless User Authentication.

Updated

About the Author

Lenny Zeltser is a seasoned business and technology leader with extensive information security experience. He presently oversees the financial success and expansion of infosec services and SaaS products at NCR. He also trains incident response and digital forensics professionals at SANS Institute. Lenny frequently speaks at industry events, writes articles and has co-authored books. He has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.

Learn more