11월 5, 2019

Which authentication method is best for your business phones?

Jim Haviland

 

Smartphones and tablets have revolutionized workflows for businesses of every size, giving employees the ability to work from anywhere. Unfortunately, the information on those devices is not secured unless authentication measures have been put in place, meaning the freedom of being mobile carries with it significant risks of lost and stolen devices.

Some employees may resist the inconvenience of authentication protocols, but it should be considered a nonnegotiable requirement of using mobile devices in your business — and that includes you, by the way.

Luckily, you have many choices about how to authenticate a user’s identity. Gone are the days of requiring excessively long passcodes, making authentication a business-wide headache. With biometric authentication, users are now able to validate their identity with a fingerprint or facial recognition. Each method has limitations, advantages and disadvantages to consider.

 

Evaluating biometric authentication for your workplace

Biometrics and biometric authentication have evolved over several generations of technology. Government and military computers and access doors have used fingerprints and retinal scans for years, but the technology has matured to the point where it can be packed into a mobile device and can respond quickly and reliably. In general, security organizations such as the RSA suggest that sensitive information be protected by a multifactor authentication approach where biometric authentication is part of the access control solution.

For each biometric authentication method, the factors that should be considered include:

  • False acceptance rate (FAR): Can someone get by the authentication if they aren’t actually the intended user? This is known as spoofing. Unless your business interests have no value, you don’t want to select a method that can’t be relied upon to deny inexact matches. You have better secure methods you can select from.

  • False negatives: In a biometric system, a false negative is when the right person can’t get through. This is usually caused by environmental or contextual factors that make capturing reliable biometric information difficult. Most often this will include lighting, dirt or clothing that makes authentication more difficult. When making your choice, this is potentially where you have the most control. If the environment where your authentication need is at all predictable, start here for differentiating the methods. Consider whether your users are wearing gloves or eye protection, or will be using devices in harsh conditions.
  • Speed to open: Authentication that takes more than a few moments will feel like an extraordinary burden to most users. Luckily this is an area where modern computing speeds have caught up to user attention spans enough to make wait times on certain authentication methods all but imperceptible.

  • Ease of integration: Can the solution be added to interfaces and content types that are most important to your business? Device manufacturers and application developers that have any sort of security focus will likely support multiple approaches to accommodate the array of needs that most businesses have.

 

Facial recognition

Facial recognition uses a camera or three-dimensional scan to read the face of the user. Faces are truly unique only to the degree that you capture the reference images and the scanned image in sufficient detail. Systems that use traditional camera images are relatively easy to spoof and are highly dependent on lighting and angle of capture.

Three-dimensional scanning of the face is more difficult to cheat, but this type of authentication also faces challenges, like recognizing people who change glasses or hats and requiring undivided attention from a user for at least a moment. For many knowledge-worker use cases, the user’s attention will be required anyway (to read an email, for instance). If the device is used in an industrial or emergency situation, on the other hand, looking at the device even for a second can be undesirable, if not disastrous.

Facial recognition is available on many of the most recent Samsung devices, including the Galaxy S10 and S10+ and the Galaxy Note10 and Note10+.

 

Iris scanning

The iris is an extraordinarily complex part of the human anatomy, far more complex and unique than a fingerprint and much more available if you are wearing gloves. Originally, the complexity of iris scanning made it difficult to implement on mobile devices, but Samsung devices introduced the option in 2017.

The extremely low FAR rate for iris scanning comes at the slightest cost of time. There can also be some false negatives from glare or sunlight, but this is a good option for high security in manageable light conditions.

Iris scanning is available on the Samsung Galaxy S8, S8+, Note8, Galaxy S9, S9+ and Note9.

 

Optical and capacitive fingerprint sensing

Most smartphones today leverage either optical or capacitive fingerprint sensing technology. Optical sensors work much like cameras, analyzing an image of the print to compare key markers and make a match. While better implementations incorporate antispoofing algorithms, optical technology can in some instances be fooled by a two-dimensional reproduction of a person’s print.

Capacitive sensors generally have lower FARs and won’t be spoofed by a two-dimensional reproduction. Instead of an image, they use an array of tiny capacitors to sense the ridges of the fingerprint in contact with the sensor. While more secure than the optical-based methods, capacitive sensors have been on rare occasions spoofed with fingerprint casts.

If optical or capacitive fingerprint sensors are used in conjunction with a second authentication factor, like a passcode (see below), they are a very secure method — but adding the second factor impacts usability.

 

Ultrasonic fingerprint ID

Introduced in the Galaxy S10 and S10+ and the Galaxy Note10 and Note10+, ultrasonic fingerprint ID added greater security and convenience. Ultrasonic fingerprint sensors use ultrasonic waves to build a highly accurate 3D model of the print. The full contours of the fingerprint are used to authenticate — making it extremely difficult to spoof. The ultrasonic sensor can also be embedded behind the display, maximizing screen real estate.

 

Multifactor authentication

Multifactor authentication (MFA) uses a combination of authentication factors to determine a user’s identity. Most commonly, two-factor authentication (2FA) is used as a combination of something you have (like a credit card) and something you know (like a PIN). In mobile devices, biometric authentication methods are referred to as inherent factors, as the biometrics inherently belong to the person whose identity is being verified.

MFA is most useful when you are securing highly privileged information or are trying to comply with specific regulations. Governments, the military and some high-security businesses have been using MFA for years, but mobile devices and biometric authentication on mobile devices have made it easier to implement for smaller organizations.

 

Beyond device unlock

Securing access to a device is just the first step. Once the device is unlocked, many apps and services will also have authentication requirements. If you think through the activities that your employees will take on during the day, you might find that they spend a significant amount of time authenticating, typing passwords and probably getting frustrated.

With Samsung Pass, you can use biometrics to eliminate the need for passwords on business applications and web services when using the Samsung Internet Browser. This can make each resource both easier to access for the right user and harder for the wrong ones, as each resource can leverage more complex passwords while also relying on the latest and most secure biometric authentication methods.

 

Making a decision

There are many considerations involved in choosing a biometric authentication method, but on a basic level, start with these three:

  1. What environment will users be in? There are secure options for both looking at and touching the device, with iris scan and ultrasonic fingerprint, respectively, being the most secure. Light, dirt and protective clothing, to name a few, can make one approach or another less workable. With devices like the Galaxy S10 and Galaxy S10+, you can standardize on a device and customize which approach is used by the type of work employees are doing.

  2. What apps or sites will they use? If users’ work entails multiple sites requiring a login and/or apps with separate authentication methods, consider a unifying password management approach like Samsung Pass.

  3. Is there a regulatory compliance requirement? If the data being accessed or collected with the device has some implication for privacy, personal information or financial information, consider a multifactor solution. These MFA methods can be very cumbersome unless you can utilize the biometrics built into Samsung devices.

When it comes to biometric authentication, the only choice that is the clear wrong one is to overlook it. The number of data breaches in the U.S. has been increasing rapidly, growing by 54 percent in 2019 alone, with more small businesses being targeted. With so many easily accessible authentication methods available, there’s no reason not to take advantage of them and keep your business and your data safe. With the right method, your mobile workers and data are more secure and, with the help of Samsung’s built-in biometric options, easy to implement and use.

Learn how your business can be more proactive in securing its mobile device fleet with incident response reports by downloading a free white paper.

[아이콘] 닫기

삼성 Knox 시작하기

[아이콘] 여행가방
리셀러, 솔루션 공급업체 또는 서비스 공급업체이신가요?

지금 Knox 파트너가 되어 비즈니스 성장을 도모하세요.

[아이콘] 정보

시작할 Knox 제품 선택:

올인원 번들
Knox Suite
리브랜딩 및 맞춤 설정
Knox Configure
사기 및 도난 방지
Knox Guard
디바이스 보호 플랜
Samsung Care+ for Business
기타 제품 및 서비스

시작하기

[이미지] Knox Suite

기업용 모바일을 위한 일체형 솔루션 번들

  • 최대 30대의 디바이스에 제공되는 90일 무료 평가판을 사용해 보세요.
  • 회사 디바이스를 안전하게 보호, 배포, 관리 및 분석할 수 있는 완벽한 툴 모음입니다.
  • Knox Suite와 함께 제공되는 강력한 기능을 사용해 보세요.

Knox Suite에는 다음이 포함됩니다.:

Knox Mobile Enrollment 무료
Knox Manage
Knox E-FOTA
Knox Asset Intelligence
Knox Platform for Enterprise 무료
Knox Remote Support
Knox Capture
Knox Authentication Manager

시작하기

[이미지] Knox Configure 로고

삼성 디바이스를 리브랜딩하고 맞춤 설정하세요.

  • 최대 30대의 디바이스에 제공되는 90일 무료 평가판을 사용해 보세요.
  • 삼성 디바이스를 대량으로 구매하는 즉시 원격으로 구성하고 특정 요구 사항을 충족하도록 맞춤 구성합니다.
  • 디바이스를 일회성 배포를 위해 설정하거나 원하는 만큼 업데이트할 수 있습니다.

시작하기

[아이콘] Knox Guard 로고

삼성 디바이스를 위한 사기 및 도난 방지

  • 최대 30대의 디바이스에 제공되는 90일 무료 평가판을 사용해 보세요.
  • 원격으로 삼성 디바이스를 제어하여 금융 관련 위험성을 줄이고 자산을 보호하세요.
  • SIM 제어 및 디바이스 잠금 기능을 포함한 Knox Guard의 모든 기능을 사용해 보세요.

시작하기

[이미지] Samsung Care Plus For Business 로고

삼성 디바이스를 위한 디바이스 보호 플랜

  • 빠른 디바이스 수리 및 교체로 업무 중단을 최소화합니다. 시작하려면 삼성 영업팀에 문의하세요.
  • 한 곳에서 모든 디바이스 보증 범위 및 청구 정보를 확인하세요.
  • 이미 Samsung Care+ for Business를 구매하셨나요? Samsung Care+ for Business 콘솔에서 계정을 만들고 플랜을 활성화하세요.

기타 제품 및 서비스

[이미지] 기타 로고

고객의 고유한 요구 사항을 해결하는 최신 솔루션입니다.

  • Enterprise Tech Support를 통해 전담 계정 관리자로부터 효율적인 기술 지원을 받아보세요.
  • 삼성 소프트웨어 맞춤 설정 서비스를 사용하여 귀사를 위한 맞춤형 디바이스를 만들어 보십시오.
영업 팀에 문의