From fingerprint to retinal scans, biometric authentication is leaping off the pages of science fiction novels and into everyday lives. In fact, it’s already the de facto mobile authentication standard for unlocking smartphones, making payments and other activities. If you’re evaluating biometrics for your organization, keep in mind these keys to speeding and simplifying adoption.
- Leverage the Technology You Already Have
Adopting biometric authentication no longer means investing in expensive hardware or getting locked into proprietary technology. After all, just about every major smartphone and laptop manufacturer already includes native biometrics of some kind. It started with fingerprint scanners on smartphones, a development that gained widespread attention with the iPhone 5S. Today, biometrics functionality on mobile devices is growing more sophisticated all the time, with high-definition cameras, infrared sensors and augmented reality enabling advanced capabilities such as retina scanning, 3D facial recognition and improved liveness detection.
- Utilize Biometrics as One Part of a Complete Multi-Factor Authentication Solution
By selectively incorporating biometrics into a broader multi-factor authentication strategy, organizations can better secure their digital identities without making users jump through hoops. One typical example pairs biometrics with mobile push technology: Someone logging in from a PC receives a push notification to their mobile phone with the prompt to complete authenticate via fingerprint or facial recognition. In one action, the user proves two things—something they have (possession of a pre-registered mobile device) and something they are (a verified biometric). Combining multiple authentication methods into a single step reduces the threat of compromise while minimizing friction for users.
- Start Small but Plan for the Long Haul
Integrating a single biometric method, like Apple’s Touch ID, into a mobile or custom application is a relatively straightforward process, and you may be tempted to do it yourself. But first consider how you will expand biometrics to additional applications, support a growing number of users across multiple device platforms, and keep pace with changes in mobile technology. Today’s commercially available solutions provide a range of authentication methods and integration options to address these challenges.
Leading solutions come standard with support for mobile biometrics, one-time passcodes, SMS and other options for both smartphone and non-smartphone users. Look for a solution that will work out-of-the-box with most commercial applications through open standards (e.g., SAML, RADIUS and OpenID Connect), support both on-premises and cloud-deployment options, and proactively incorporate the latest in mobile technology without requiring additional integration work.
Looking ahead, keep in mind that authentication technology providers are increasingly adding risk-based analytics and behaviometrics (using measurable behavior to verify identity) to drive even stronger identity assurance with near-zero user friction. All of this innovation means lower operating costs, a better user experience and greater future-proofing.
RSA is continually evolving biometric and risk-based capabilities for the RSA SecurID Access authentication solution. Visit RSA online to learn more.