Pros and cons of mobile tokens in authentication
Posted on 31st Aug 2011 by Gemalto in Enterprise
I recently discussed the future of the online banking industry and how the FFIEC should shape its next set of guidelines to ensure the safety of both banks and their customers in the years ahead. However, one area which I didn’t explore in that post is the mobile platform, and the role it has to play in the evolution of authentication. Symantec blogger Mike Jones recently put his neck on the line, saying that he believed mobile tokens were the future of the authentication industry – here are my thoughts on that.
I am a firm believer in convenience – in my eyes, the more convenient a security solution is, the more likely it is to be used, and this can only possibly be a good thing. And there is no better example of this than my smartphone. I have dozens of apps available at my fingertips and because they are so convenient to access, I use them for everything I possibly can. While we in the security space have an elevated awareness of security risks, your average consumer doesn’t even consider security on their smartphone, which is another argument for making security convenient.
Using this reasoning, one could argue that putting an authentication token on a mobile should represent the logical future of our industry. However, while mobile tokens are one option for multi-factor authentication, it is important to realize that the hardware components offer some basic benefits that phones do not – at least from a security perspective.
A mobile phone is a relatively new platform for commercial activity. Its immaturity and the fact that it is rarely used for ‘high value’ activity (e.g. transactions or sharing of sensitive data) means that the phone as a platform has not been an attractive target for hackers. But it has an operating system, and is potentially vulnerable to attack like any other. If it were attacked, thanks to its persistent connectivity, any security tokens stored on that platform would be open to compromise from a distance. A hardware token, isolated from any network, is not vulnerable to such an attack.
Hardware tokens are also self-contained – they are usually sealed at the factory, cannot be tampered with, and do not perform any other function. They are simple, which seems limiting but, in fact, is perfect for their use. Because I cannot manipulate the sealed environment of the hardware device, I cannot break it unintentionally (unless I physically break the device). It is immune to software conflicts, version compliance and all manner of other issues which could affect a software platform.
Mobile tokens afford a level of convenience and cost-effectiveness that is perfectly suited to lower-end security needs, and can also be updated in the field. However, where higher security is needed, hardware tokens still have their place.
In short, there is no one type of authentication device or software that will ever be truly universal, and this in itself brings a measure of security. With a more diverse selection of solutions on the market, those who seek to compromise them will be faced with an even greater challenge.