Mobile Authentication 101: What it is, and Why You Need It


by Michael Harris October 06, 2016

Mobile Authentication: What it is, and Why You Need It

As we move towards using mobile for everything, protection is more important than ever. Here's how mobile authentication protects you and your business.

 

Threats to computers and network devices used to be so simple compared to today's need for encryption, mobile authentication, and other measures.

Take, for example, a scene from the hit AMC TV show "Halt and Catch Fire".

It's sometime in the late 80's. Our main character, Joe MacMillan, breezes into the CEO's office at a major bank, goes behind the man's desk, shoves a floppy disk into the old grey Tandy and begins to explain to the poor banker that he's just infected his computer network with a virus.

The banker's screen is full of meaningless lines of text, and no matter what the banker does, he cannot unlock his computer.

As the now distraught and frightened banker is about to call security, Joe places his hand on the phone and says, "The real product here is security, a shield against those who would hurt you, perhaps because of their own carelessness or simply because they want to destroy you. Real security is trusting no one."

Joe inserts another floppy disk into the computer. Everything is back to normal. He's miraculously performed the first anti-virus scan. Simple. Just a floppy disk with the right bit of code.

Today, security is much more complicated. Which is why we would like to sit down with you right now and explain a very important aspect of today's security landscape: Mobile authentication.

1. Mobile Authentication 101: What is it? 

Two main iterations of mobile authentication exist. One is a way to ensure that the person accessing a particular mobile device is, in fact, the correct user. The other is a way to use mobile technology to access networks and information. 

There are, in fact, multiple types of mobile authentication. And perhaps breaking down each type will help you understand what mobile authentication is.

Passwords:

These have been used in security protocols since the dawn of language. Who of you had a "secret" childhood club and (although you knew your best friend's voice from Adam) made each friend repeat the "secret" password before entrance was granted? Passwords in mobile authentication work in a similar fashion. Enter a combination of letters, number, or symbols to access a device or network. 

Non-Text Passwords:

These are pattern based passcodes. Points on a photo: trace a line through the giraffe, down to the lion, and over to the penguin. Of course, these codes rely on a mouse or touch screen. You will not find this form of authentication on a Blackberry or any non-"smart" phone.

Certificates:

A certificate is like a very secure street-corner mailbox. You are able to insert information into the box with a trusted stamp on the letter. But only one organization or person has the key to access the box. Nobody (this includes you) can retrieve the information in the box except the person with the key. This is generally an encryption method used over networks and across the globe through the internet.

Smart Cards:

These cards are an upgrade to the magnetic strip cards of the past. Many of you might have noticed your credit card now has a gold "chip" embedded in the plastic. This microchip can store more information than a magnetic strip. This allows for multiple uses including identification when unlocking a device using an attached smart card reader

Hardware Tokens:

These devices generate one-time passwords that are meant to be paired with an existing password.

Biometrics:

A user authentication method in which some unique part of the user's anatomy is used to identify the person. Most commonly, cell phone companies use fingerprint detection as one step to unlock a cell phone.   

Proximity:

This method can either be used with a physical GPS verified location or a connection to a device such as a smartwatch or Bluetooth headphones. The device unlocks when proximity to a device or location occurs.

You can use each of these methods in the industry standard of two-factor authentication. For example, if you want to lock your cell-phone with a two-factor authentication, you could use your fingerprint biometrics and a password. 

This makes the device much less vulnerable to being cracked by an intruder.

2. Mobile Authentication 101: Why You Need it: Expensive and Embarrassing Incidents Could Be Avoided.

Just because you play by the rules doesn't mean anybody else will. According to IBM, in 2016 the cost of an average large scale data breach was $4 million dollars and that the likelihood of another data breach in the next 24 months is a 24% chance. 

As you can see, data breaches can be very costly. Back in 2011, Sony encountered one of the most costly data breaches in recent history, losing nearly $171 million dollars when malicious attackers stole credit card numbers, passwords, and various other types of information. 

Even the US Government can't seem to keep hackers out of their email accounts recently. 

If at any time it were necessary for extreme caution in how we protect our devices and information, it would be now. Whether you are a small business or a sprawling government department, the information of either your customers, your business, or your citizens is extremely valuable.

Encryption has been a valuable asset for security all the way back to the German Enigma Machine and Turing's code cracking computer.

But in today's increasingly mobile era, it's become even more important to ensure the identity of those accessing devices and information networks on top of encryption. 

Two-factor authentication, a method in which one part is something you have (e.g. a smart card or a hardware token) and the other part is something you know (e.g. a password or pattern), is now common and highly recommended.

Do you really want to take a chance on the sensitive information on your devices and network? Even with the 24% chance of a major data breach in the next 24 months, the likelihood of any other small attack on your data infrastructure may be higher.

Conclusion: Protect Yourself

Many two-factor solutions exist for mobile authentication. It would be a fool's decision not to take advantage of the available methods for protecting your devices and data.

Take a moment and examine your security protocols. If any weakness exists, shore it up and take action today. 




Michael Harris
Michael Harris

Author




Also in Mobile Security

Mobile Privacy: 7 Things You Need to Secure Your Mobile Device
Mobile Privacy: 7 Things You Need to Secure Your Mobile Device

by Michael Harris November 16, 2016

Mobile devices have opened our worlds to incredible possibilities. But, they've also opened up our private lives as well. We're sharing the best mobile privacy tips here.

Read More

Mobile Security: Explaining Fido U2F
Mobile Security: Explaining Fido U2F

by Michael Harris October 15, 2016

If you don't have a method to improve your mobile security and privacy, you need to get started. One way to begin - Fido U2F security keys. Here's why you need them to enhance your mobile security.

Read More

Ten Questions to Select the Best MDM for Your Enterprise
Ten Questions to Select the Best MDM for Your Enterprise

by Michael Harris October 10, 2016

With limitless choices of Mobile Device Management (MDM) systems available in the market, it is not an easy task to choose what’s best for your company.

Read More