Mobile authentication is the verification of a user’s identity through the use of a mobile device and one or more authentication methods for secure access.
Mobile authentication may be used to authorize the mobile device itself or as a part of a multifactor authentication scheme for logging into secure locations and resources.
Password entry is clumsy on cell phones, especially when including capital letters, numbers and symbols.
Some alternative methods of mobile authentication include:
- Non-text passwords, where symbols or images might be chosen from a randomly generated field.
- Digital certificates using public key infrastructure.
- Smartcards with stored authentication data.
- Out-of-band authentication, where the user places a call to obtain authentication.
- One-time passwords (OTP) through phone apps or SMS messages.
Some organizations need extra security beyond ID and password for login, but added devices and methods can make the procedures too cumbersome for employees. The ubiquity of smartphones can help ease that burden. Most smartphones have a GPS device, which allows the login location to be confirmed with reasonable confidence; a camera for potential facial recognition and iris scans; and a microphone for voice recognition. Some also have touch screens that can be used for fingerprint scanning.
Mobile devices that use more than one of these capabilities are functionally multifactor tokens. An example is the use of a smartphone software token app that taps into GPS location and scans a fingerprint, all within a device that the user was probably going to be carrying anyway. For administrators, the main benefit of a software implementation is that there are no extra physical devices to manage.