South Florida Code Campers to learn Mobile Multi-factor Biometric Authentication
Lesson One: the three “must-haves” of MFA mobile
How do you secure mobile applications against hackers? How do you keep fraudsters from hijacking bank customers’ online credentials? Application developers now face complex security challenges, with the stakes growing higher every year. To help them better understand the subtleties of biometric authentication for mobile, the organizers of South Florida Code Camp have invited Fortress Identity to speak at this year’s Geek Fest at Nova University on March 2.
According to CEO Alessandro Chiarini, a truly effective solution must be multimodal, multi-factor, and provide the flexibility to combine layers of protection as necessary to meet a given organization’s requirements. Though the biometrics field is crowded, very few firms offer all three components.
The rising incidence of internal and external data breaches has transformed the process of confirming user identity. “At one time, there are three forms of authentication,” Chiarini says. “What you know – for example a password. What you have – say, a token. And what you are, your personal metrics.
“Things have changed. Passwords, ID cards, challenge questions and OTP pins are now routinely exploited. Of the three types of authentication, only biometrics can truly secure an asset. And only then if you implement multiple modes and factors of biometric protection.”
SDK for mobile iOS. SDK for Android
For Fortress Identity, voice authentication is one of the key biometrics that provides nearly impossible-to- exploit security and ease-of-use for people on their phones. A user seeking access is asked to recite a random 10-digit number, which is compared to a registered voice print in terms of roughly 80 different characteristics.
Simultaneously, other passive biometric measurements are being analyzed in the background: how the user swipes, types, holds the phone, etc. It’s protection in-depth and, because we all have unique biometric measurements, extraordinarily difficult to spoof.
Chiarini stresses the importance of flexibility to developers. “Not only does our full-spectrum of modalities enable you to specify exactly the security you want,” he says, “but you can even roll it out incrementally. If your client asks you for step-up security, you can tell them: ‘No problem. We have additional modality built into the SDK.’ They will admire your foresight.”
Meeting with developers is one of Alessandro’s favorite activities. “Developers and systems architects immediately recognize the ingenuity and breadth of our solutions,” he says. “And when they find out they can surround their systems with walls of biometric armor with minimal code—they’re delighted and relieved! The usual reaction: ‘Where do I sign up for your mobile biometric SDK?’”