Answer

Mobile access management faces same old security problems

How are passwords and access management changing for mobile applications? Does two-factor authentication still make sense when the application is accessed from the cell phone we're texting the second code to?


Regardless of the platform, passwords continue to be the same old problem creating the same old security headaches -- and risks. It started with mainframes. Then it became an issue with standalone and then networked computers. Web applications and now mobile apps have evolved and the problems are no different. Passwords are the weak link that we can’t seem to get our arms around.

Two-factor authentication is no doubt the answer to many of the traditional password weaknesses. That said, sending the second factor as a text message to the same device that is running the application does somewhat defeat the purpose of two-factor.

There are other ways you can implement two-factor with mobile apps. Be it via technologies such as the iPhone 5S’s Touch ID, one-time tokens and the like, two-factor can be implemented in just about any environment.


The bigger question is: How viable is two-factor? Can it really become mainstream?

Based on what I’ve witnessed, the technical controls are the easy part. It’s the human factors that are the most challenging. Is two-factor realistic with your specific users?

Are people going to be willing to take the extra steps required? Will management support that approach? If the users and management don’t really want it, will developers have the incentive to integrate these technologies into their mobile apps?

The thing we have to remember is that human beings are going to take the path of least resistance with security. It’s really that simple. Be it with operating systems, Web applications, or mobile apps, when it comes to mobile access management, two-factor authentication looks great on paper. The vendor marketers are proud to flaunt it as the solution to your security woes. But unless and until users, developers and other stakeholders truly see the value, we’ll continue down the path of good old-fashioned, often weak passwords.

Until we start seeing more authentication options built into the hardware like Apple has done with Touch ID -- similar to how Unified Extensible Firmware Interface (UEFI) is replacing the traditional PC BIOS and vendor solutions like Intel’s Anti-Theft technology are integrated into certain PC hardware -- I’m not convinced two-factor is going to make much of a splash with mobile apps.

This was first published in February 2014
