Get your irises out. Mobile biometric security is on a roll

The leading industry prognosticators have pronounced that by 2016 (just two or three years away) 30 per cent of organisations will use biometric authentication on mobile devices. Just 5 per cent do so today.

So, OK. That doesn’t imply that everyone in 30 per cent of all organisations will have biometric authentication, and it’s only on mobile devices. It’s that nearly a third of all companies will require it of some of their employees when accessing particular parts of the empire. It’s starting to feel more feasible, but it’s still a surge.

Why the sudden upswing?

Because we can. Mobiles have the necessary supporting equipment already built in (cameras, high definition displays, microphones, speakers), so it’s feasible to have a bit of biometric (faces, irises, voice recog.) as an add-on to the good old password which, Gartner points out, is still the best first line defense. But if passwords are a pain and a breach of security is not THAT painful, there might be deemed enough ‘contextual’ info on the phone to make that and biometric a replacement security approach.

To quote Gartner, “Suitable authentication modes include interface interactivity, voice recognition, face topography and iris structure. These modes can be used in conjunction with passwords to provide higher-assurance authentication without requiring any significant change in user behaviour.

Moreover, as a mobile device itself provides a rich node of identity-relevant contextual data, this information can also be used to increase the trust in the claimed identity. It is possible that the combination of passive biometric authentication and contextual authentication will provide sufficient assurance in medium-risk scenarios without the need for "gateway" authentication events using passwords or tokens.

So there’s the ‘how’. The ‘why’ is consumerisation and BYOD - bring your own device.

Users of mobiles have trained themselves to expect things to work slick and simple on mobile and tend to get lax if security is tedious, or to quote Ant Allan, research vice president at Gartner, "Mobile users staunchly resist authentication methods that were tolerable on PCs and are still needed to bolster secure access on mobile devices."

Says Gartner: while most organisations require robust passwords on laptops, smartphones and tablet devices often have access to the same applications and critical data but not the same levels of security. The increased number of devices in play also exacerbates the exposure of critical information. Implementing standard power-on password policies is made much more complex by the acceptance of BYOD practices, with the inevitable clash over user rights and privacy.

In other words it’s just become so consumery out there that the old security requirements on the desktop PC just haven’t grafted over. It might be easier to change the security methods than change the user behaviour. Biometics here we come.

Follow the writer on Twitter @ ian_TTV