Recover your password

Forgot password? Behaviour metrics authentication in mobile devices


It often seems that virtually everybody is unhappy with today’s password-dependent authentication schemes – either for the reason that it’s nigh impossible to remember so many different passwords or because of its threat of being hacked.

Kayvan Alikhani, senior director of technology at RSA, The Security Division of EMC, whose RSA Via family of Smart Identity solutions is distributed in Southern Africa by Networks Unlimited, states that the future is truly about choice and providing secure authentication that makes it easy for users to comply with security policies.

“In the past, biometric technology wasn’t very convenient, and proved very expensive. Now cost-effective biometric measures built into mobile devices, such as the camera, speaker, accelerometer, fingerprint sensor and geolocation, can enhance authentication with behaviour metrics based on the activities of the user, enabling a more convenient experience,” he explains. “Potential user authentication technologies include fingerprint, face or voice print, iris structures, ear shape, heartbeat analysis, as well as activities such as keystroke analysis and handwriting.”

Behaviour metrics differ from biometrics in that they utilise what a person is doing - tied with their mobile device - to better prove that they are who they say they are. “With behaviour metrics, you can look at who your users are, what they are trying to access, and where they are trying to access it. You need to have an ecosystem to deliver different controls based on those three groups, and flexibility for users,” says Alikhani.

He points out that in a dark room, a smartphone camera is not going to “pick up” the face; in a loud taxi, voice recognition probably won’t work; in police, fire and health vehicles where gloves are often worn, a fingerprint sensor is not optimal. “So you need options, almost like a menu, to give users choices. Even when people type onto their device or laptop keyboard, they have a specific signature based on velocities, rhythms and pressure. If you identify these factors passively, you get very rich indicators that enable frictionless authentication,” he adds.

Could this spell an end to passwords and will it be affordable? According to Alikhani, “whether we realise it or not, what we’re going through here is the death of passwords.”

He highlights that RSA’s vision is to evolve technology to meet the changing needs of organisations and protect them as they move into the realms of cloud, mobile, social and big data.

“It requires an organisation with the ongoing vision and an ecosystem of partnerships that implies protocols and standards, not another point solution vendor that can provide the cheapest option. With cloud, for example, all of these companies are going to be communicating, authenticating and cross authenticating, so you have to have protocols and standards to make that happen,” he concludes. “Organisations want something that is cheap to deploy, that is convenient to users and will protect all their information. Of course, this doesn’t exist. You have information and you don’t want that circulating freely on the Internet, so there is a value to protecting that information.”

Sounds like a match made in heaven.


comments powered by Disqus


This edition

Issue 72