As the product marketing manager for rf IDEAS, it is only natural that I get asked a lot of questions about enterprise security, particularly with regard to logical access and authentication to secure devices, networks and data. These days, with security breaches becoming more sophisticated, with the workforce embracing home and remote offices during the pandemic, and with concerns about hygiene when employees do work in the office, the questions I hear are becoming even more pointed and urgent.
Every conversation takes its own path, of course, but here is a quick FAQ based on the questions I tend to hear most often.
Question: What’s the weakest link in any secure access system?
Answer: Passwords or PINs, which can often be stolen, guessed or hacked. If different systems require different passwords, users are more likely to write them down, making an intruder’s job simple. Plus, with all the worry about surface spread of the virus, it isn’t always a good idea to use a keyboard or pad on shared devices.
Q: What about a contactless system, where users can tap a secure ID card to a reader to get access?
A: That is a much better solution. Each card is unique, the ID data can be encrypted to thwart hackers, and a contactless system is both easier to use and less likely to spread germs. But employees do need to take care to avoid having their credentials misplaced or stolen.
Q: What could happen?
A: At the very least, a lost or stolen credential means the user can’t access devices, networks and data to be productive. At the worst, criminals can gain access until the missing card is noticed, a security officer is notified, and access using that credential is revoked. Close to 30% of all breaches involve the use of compromised credentials. Stolen money and data, malware, phishing, denial-of-service, ransomware and a whole lot of other attacks have happened due to stolen passwords and other credentials.
Q: So, what’s a security-minded business to do?
A: Use multi-factor authentication. It is exponentially more secure because the user must produce at least two uniquely identifying characteristics: “something you know” (a password or PIN), “something you have” (a card or a badge) and/or “something you are” (a biometric identifier, such as a fingerprint, face or voice).
Q: But that sounds so inconvenient! So now getting access is doubly complicated? And isn’t it just as easy for users to forget their card so they can’t get access at all? Plus, don’t they still have to touch shared keyboards or pads to get access?
A: No, no and no! It is true that traditionally all of those limitations did apply to multi-factor authentication systems. But now there is a better way, and you probably have it with you right now in your pocket or purse.
The answer: Smartphone mobile access for all-in-one multi-factor authentication
For multi-factor authentication to work, each identifying factor must be independently secure and always in the user’s possession at each logical access point. But if the “something you have” is a virtual credential stored on your phone, then the “something you know” can simply be the PIN, pattern or other method you use to unlock your phone. Alternatively, the “something you are” can be a fingerprint scan or facial recognition for unlocking your phone.
Anytime the phone is unlocked (factor 1), the mobile credential (factor 2) can be read when the phone is in proximity to a compatible reader attached to a workstation or device. Mobile credentials take advantage of the Bluetooth® Low Energy technology incorporated into most smartphones, providing encrypted credential data to the reader from a short range—close enough to require the user’s physical presence, but with no need to touch the reader.
Smartphone mobile access is convenient
Smartphones are an ever-more essential feature of modern life, both as a personal convenience and a business necessity. A survey by the mobile credential provider Safetrust found that almost 40% of people already use their phones to control smart devices in their homes and expect to use them to control smart devices at the workplace within the next five years. And according to a Gartner forecast, 2020 is the year that 20% of businesses adopt mobile credentials, as compared with only 5% just four years ago.
Convenience is one factor driving the change. According to the same survey, one in six people misplace physical credentials every week—and 36% do so at least once per year, only to spend a total average of 3.5 hours searching for them. That doesn’t include the time lost when employees simply forget to bring their credential to work or leave it somewhere inconvenient.
By contrast, most users automatically have their phones at hand wherever they go. So, their mobile credential is available whenever they need access to a secure system, whether at the office, at home or on the road—a convenience that can significantly improve personal and business productivity.
Mobile access is secure
Users tend to guard their phones with a level of care that they don’t devote to employee badges. The Safetrust survey found that more than one-third of employees have loaned their credentials to someone else. Many more have temporarily misplaced or lost their credentials. People are much more possessive and careful with their phones, and much more likely to notice right away when a phone is lost or stolen. If that happens, the mobile credential can be immediately revoked through the management portal, then re-enabled if the phone is found or replaced.
In the meantime, an attacker in possession of the phone would need to have the PIN, password or pattern to unlock it. They would also need physical access to a credential reader configured to read that specific mobile credential, connected to an application authorized for the owner of that credential. If the phone unlocks with biometric identification, the attacker would also need to have the authorized user’s face or fingerprint—not likely, to say the least, and easily preventable with secure anti-spoofing solutions available on the market.
Mobile access is easy and affordable to implement
Mobile credentials can be downloaded like any smartphone app, with licenses acquired and managed by the organization through a secure portal provided by the issuer. There is no need to physically handle credentials, so there is no need for remote workers to come into the office or for cards to be sent by mail. By issuing mobile rather than physical credentials, the company saves time and money while enabling employees to be more productive. Secure mobile credentials can be issued, and the license activated virtually anywhere within minutes.
With simple, digital licensing and management, mobile credentials can reduce the labor and overall cost of managing multi-factor security. And with readers that are capable of reading both traditional and mobile credentials, organizations can extend mobile access to users who need it while preserving their investment in existing card-based access.
For enterprises or small businesses that are implementing secure logical access to devices, networks and data for the first time—or updating access systems due to mergers and acquisitions—implementing mobile access is even more affordable, from full systems to standalone solutions. And it makes simple sense, because mobile authentication is in the future of virtually every security-conscious business.
rf IDEAS is your mobile access partner
As the logical access control pioneer and long-time leader, rf IDEAS is laser-focused on the opportunities for mobile access.
Our WAVE ID® Mobile Readers work with today’s most widely used mobile credentials—including HID® Mobile Access, Orange Business Services Pack ID and Safetrust Wallet—while simultaneously supporting virtually every proximity and smartcard technology used worldwide. Of course, we also continue to offer the single- and dual-frequency WAVE ID® readers that set the standard for physical credential access, supporting practically every ID card in use worldwide. Together with our partners, we are continually at work expanding our both our mobile and traditional access offerings, services and expertise.
We will help you embrace the future of mobile authentication and access. Learn more and tell us about your unique authentication needs. Contact your rf IDEAS representative or for more information reach out to [email protected] to get in touch with one of our mobile experts.