As mobile devices cement their spot in enterprise computing, biometrics will become a key technology for providing higher levels of authentication for end users, according to a Gartner report.
The analyst firm says in the next two years 30 percent of organizations will use biometric authentication on mobile devices. Today, only 5 percent have deployed it.
Biometric options are emerging in the mass market.
Apple last year added a fingerprint reader to its popular iPhone, but the technology is not yet available to application developers.
Modern smartphones, however, hold other biometric options, including cameras and microphones, which can support technologies such as facial and voice recognition.
In addition, the FIDO Alliance is working on a protocol to provide the infrastructure to support standardized strong authentication, including biometrics.
The FIDO protocol leverages existing device hardware such as TPM chips, Near-Field Communications and One-Time Passwords, along with biometric devices such as fingerprint readers, microphones, and cameras to support two-factor authentication.
"Mobile users staunchly resist authentication methods that were tolerable on PCs and are still needed to bolster secure access on mobile devices," Ant Allan, research vice president at Gartner and a co-author of the report, said in a statement. He said security pros must recognize user experience while respecting security best practices.
Allan writes that enterprises should look at biometrics to support higher levels of assurance, including voice recognition, face topography and iris scanning. Those methods can be coupled with other authentication methods and still fall within the range of user acceptance.
The report cautions, however, that authentication methods should not vary wildly between traditional laptops and PCs and mobile devices.
In the coming month, Ping Identity is adding authentication options on mobile devices that mirror what enterprise users are familiar with today.
The report says four-digit authentication codes are not appropriate for devices that hold corporate applications and data. At a minimum, Gartner says organizations should require a password of six alphanumeric characters on devices and enforce the policy with mobile device management tools.
Gartner also recommends requiring additional authentication, beyond device authentication, before users can access mobile applications.