I’ve just started using Apple’s new facial recognition technology and boy, is it natural (frictionless). Even my wife has said “going back to fingerprint is like using a Fisher-Price toy now”. My wife is the opposite of an early adopter (not a late adopter, silly; she just dislikes the friction associated with new technology even though she appreciates the new capabilities). For her to say that is a big deal.
It means Apple’s onto something.
And that means that companies are going to have to figure out how to incorporate facial recognition, and whatever comes next, into whatever they do. I have to say, I’m not optimistic. One of the banks I used just recently finally incorporated TouchID! It takes a long time for established/traditional/conservative companies to incorporate new technology, especially new security technology.
Enter API Biometrics
CA’s Mobile API Gateway now integrates with Samsung SDS Nexsign. Samsung leverages FIDO to support biometric security integration. CA’s integration with Samsung gives users of our API gateway and secure mobile SDKs a way to take advantage of biometric authentication in apps, web pages, and API gateway policy (including risk scoring to help companies balance ease of use against the organization’s risk burden).
Satyavati’s post describing the integration architecture and key value points is well written, so I don’t feel the need to rehash them here. (Go read it.)
I only want to point out two small things, maybe obvious, but definitely overlooked:
- However secure fingerprints are (or are not) or facial maps are (or are not)… while security teams argue one way or the other, most people simply remove security rather than “deal with the friction”. We have to remember that often we are competing against non-consumption and not the “best, but hard to use, alternatives”. A useful stat: before TouchID, about 50% of users didn’t have any PIN at all. Now, Apple’s own user stats reveal that 89% of people protect their phone with TouchID. Takeaway: Companies need to figure out how to incorporate biometrics into their security posture, and separate the pain of managing risk from their customers. (Meaning, just let customers use biometrics and then manage your risk-based security policies to reflect how secure/insecure your company perceives biometrics to be.)
- Your users are expecting you to adopt this technology, and that adoption sets their perception of your company. The expectations on this stuff are driven from the outside in, and we (as implementers/architects) need to be more sensitive to the trends and user behavior. (I chose the word “sensitive” specifically, as I think technical decision makers are often not sensitive to realistic user behavior, in spite of the facts overwhelmingly in support of a particular technical point of view.)
Check out our implementation of FIDO at CA World
Samsung SDS experts will be showing off this joint solution in the Developer Products (API) area of CA World. Come have a look. And, if you want a personal tour, just ping me… I’ll be in the demo area when I’m not otherwise scheduled.