February 4, 2014 -
According to a new report, Gartner predicts that by 2016, 30 percent of organizations will use biometric authentication on mobile devices, up from five percent today.
“Mobile users staunchly resist authentication methods that were tolerable on PCs and are still needed to bolster secure access on mobile devices,” Ant Allan, research vice president at Gartner said. “Security leaders must manage users’ expectations and take into account the user experience without comprising security.”
Also in the report, Gartner identifided security impacts of the consumerization of IT and has made some recommendations for IT security leaders. This list of recommendations includes password length and composition, as well as encryption after failed authentications.
Gartner also recommends that security leaders evaluate biometric authentication methods where higher-assurance authentication is required. Suitable authentication modes include interface interactivity, voice recognition, face topography and iris structure. These modes can be used in conjunction with passwords to provide higher-assurance authentication without requiring any significant change in user behavior, the group says.
Moreover, as a mobile device itself provides a rich node of identity-relevant contextual data, this information can also be used to increase the trust in the claimed identity. It is possible that the combination of passive biometric authentication and contextual authentication will provide sufficient assurance in medium-risk scenarios without the need for “gateway” authentication events using passwords or tokens.
“Adopting significantly different authentication methods for different devices will eventually be unsustainable,” Allan said. “Mobile-apt authentication methods must also be PC apt. Combinations of X.509 credentials on the endpoint, low-friction biometric modes and contextual authentication will likely fit the bill.”
Gartner’s full report is available on its website. In addition, the company says it will be discussing the topic of security further at the Gartner Identity & Access Management Summit 2014, set to take place March 17-18 in London, UK.
Though Gartner has endorsed biometric technology before today’s report, in November 2013, the company published a report warning smartphone manufacturers not to follow Apple’s example of embedding fingerprint sensors, citing privacy and perception issues.