Creative Options for Better Authentication of Mobile Phone Users


If you think your mobile phone is already deeply embedded in your life, consider the critical role it will have in just a few years. As the importance and sensitivity of the data handled by mobile phones increase, so do the repercussions of the devices falling into unauthorized hands. Manufacturers and app developers will need to implement creative ways of authenticating legitimate phone users without relying on awkward passwords and PINs.

Here are a few creative options for determining whether an authorized person is using the phone:

Authentication factors above might not work on their own, but they could be combined with each other to reach the right balance between false positives and false negatives.

For additional context, the authentication decision could account for the expected bio-pattern of the legitimate user, such as the heart rate range that could be obtained using activity trackers that integrate with phones, such as FuelBand, Fitbit or UP. The phone could also pay attention to the user's breathing patterns, in the style of the Breathing Zone iPhone App.The decision could also incorporate the person's expected physical location and activities (i.e. jogging); for an example of the phone can "predict" the user's activities see the Google Now app.

Innovative authentication options are gradually becoming available for mobile phones. More will come to light over the next few years. In the next decade, we'll see authentication mechanisms that effortlessly tie the bio-measured identity and  context with the phone's hardware and software functions. In some ways, it will be hard to distinguish between the mobile device and its user.

For a follow up to this post, take a look at Beyond Logins: Continuous and Seamless User Authentication.


About the Author

Lenny Zeltser develops products and programs that use security to achieve business results. He is the CISO at Axonius and Faculty Fellow at SANS Institute. Lenny has been leading efforts to establish resilient security practices and solve hard security problems for over two decades. A respected author and practitioner, he has been advancing tradecraft and contributing to the community. His insights build upon real-world experience, a Computer Science degree from the University of Pennsylvania, and an MBA degree from MIT Sloan.

Learn more