First, a disclaimer: For many organizations, physical credentials, such as ID badges, will always serve an important role. Next, an opportunity: Mobile credentials are making authentication a lot more efficient and convenient for many healthcare organizations, universities, commercial enterprise businesses. We’ll help you decide whether going mobile is right for your organization and how to do it.
What is a mobile credential?
Think of the way Apple Wallet, Google Wallet and other Digital Wallets allow you to securely pay for items with a tap or wave of your smart phone. Your payment card information is stored in your digital wallet, so there’s no longer any need to carry a physical card with you. As the digital wallet grows to contain other identity-based items — loyalty cards, coupons, gym cards, building access credentials, parking passes, driver licenses, student IDs and even car keys — you won’t need a wallet at all.
All of these physical objects now have digital equivalents that can be carried in your phone. When we use the phrase mobile credential, however, we mean something very specific: a digital version of the ID badge, FIDO key or other physical credential used for logical access to workstations, networks, multifunction printers, time and attendance tracking systems, cashless point-of-sale systems and more — ideally every system across the organization that requires identification of authorized users for secure access.
How does it work?
Mobile credentials use one of two technologies that are both included on practically every smartphone manufactured today or in the last several years. Bluetooth® Low Energy, or BLE, uses a two-way 2.4 GHz radio link to read user credentials in applications where identifying users and their approximate location is critical, and the risks of a security breach are relatively minor. For example, BLE authentication on a construction site could ensure access to heavy equipment is disabled unless a qualified operator is present. The longer range of BLE is also ideal for applications that don’t require employees to take an action such as waving a phone over a reader.
Near-field communication, or NFC, uses magnetic field induction to read credentials over a much shorter maximum range than BLE. This makes NFC a great solution for use cases like workstation authentication or secure print release.
For more information about the ideal applications for each technology, read our blog post, “Mobile Credentials: Should You Choose BLE or NFC?”
So, why go mobile?
While many organizations will prefer to stick with their physical credentials, mobile credentials are flourishing across industries. In fact, 32% of all organizations use mobile identities today. And by the end of 2023, there will be 120 million downloads of mobile credentials. Supplementing your existing credentials as well as migrating to mobile credentials can bring several benefits - to you and your employees.
Greater security. Unlike an ID badge, smartphones come with built-in security in the form of a password, fingerprint or facial recognition to unlock the device. From here, accessing Wallet requires the user to authenticate again, verifying the identity of the designated user. The mobile employee badge is built on the same security framework we trust for making payments. So, if Wallet can be trusted for secure financial transactions, it can be trusted for logical access. Multi-factor authentication can reduce the risk of successful cyberattacks by 99.9%.
In addition, users are protective over their mobile devices, making Wallet a credential that they will protect at all costs. Of course, even if their smartphone is lost or stolen, the authentication factor will protect its data. Finally, users are less likely to leave the house without their smartphone as they probably rely on various wallet credentials outside of the office.
How do I migrate from physical to mobile credentials?
For organizations building new facilities or implementing a logical authentication solution for the first time, a mobile-first or even mobile-only strategy likely makes sense. Where a physical credential-based system is already in place, migrating to a mobile credential solution is relatively easy. Mobile and physical credentials can even coexist using credential readers that work with both. You are probably asking yourself:
The answer is not simple, but it does not have to be as complex as you may think. Below we map out how to go about planning for a mobile first authentication strategy.
Plan, stage and learn. It may be advantageous to begin with a single facility or user group, learning from the process as you expand the rollout. Use the benefits gained with each rollout as a marketing tool to create excitement and buy-in among employees and administrators throughout the organization. For example, while university students are accustomed to using their phones for absolutely everything, longstanding employees may be wary of putting a work-supplied credential on their personal phone — until they see how it is simplifying the workday for their colleagues.
Define your current and future state. Map out the existing physical and logical access points, as well as any unprotected devices and processes that would benefit by inclusion in a credential-based secure authentication system. This is an excellent opportunity, for example, to implement a simple, secure check-in process for contractors and guests, with the ability to send credentials remotely to their phones. Now is an ideal time to upgrade and expand your security ecosystem.
Choose your credential. Determine which authentication technology, BLE or NFC, and which mobile credential you want to use. BLE, for example, can open doors, lock/unlock workstations or track employee locations throughout a facility based on general proximity to readers, without requiring any overt action on the part of users. NFC is more appropriate for securing corporate networks, health records, sensitive print jobs, payment systems or any other application where you want to be sure the authorized user is in close proximity and actively presenting a valid credential. Mobile credentials are available from a variety of highly regarded providers, including Wavelynx, Orange, HID and others.
Review existing user IDs. Determine the existing user information and any new information you want to include in an enrollment portal for new mobile credentials. Be sure to get alignment from all departments and stakeholders on their authentication and identification needs. In a workplace setting, for example, only subsets of all users should have access to secure printers or IT servers containing sensitive data. Not all credential access is created equal.
Train users. This is easy because people are so accustomed to using their phones for many purposes. Many already use the mobile wallet, and the mobile authentication process is no different, simply tap and go, the same way you would use a contactless payment card.
Roll out mobile credentials remotely. Usher in a new way of credential provisioning. Your credential provider provides software to make provisioning, managing and revoking credentials simple, with no need to physically interact with each employee.
Get help from a trusted partner. As logical authentication leaders for nearly 30 years, rf IDEAS can apply the same range of services and products for mobile access that we did for physical cards. Our team understands that we are all on a journey to a new way of requiring, auditing and enabling access. From mobile workforces to MFA mandates, to cloud computing, to staff turnover, the world supports a mobile-first experience. Our role in that experience is helping you see the potential for mobile credentialing beyond the door – leveraging the most out of your credential migration so that you can seamlessly and securely navigate the transition to the future of access control.
Call us at +1 (866) 439-4884 or contact us via our website, and let’s explore the most efficient, effective mobile strategy to secure your future.