With the elevated role of mobile in today’s business workflows, enterprises can no longer depend entirely on passwords to protect their employees’ corporate or personal devices.

Password management is a growing problem. The average person today has 27 discrete online log-ins, but in many cases they use just a few passwords across all their accounts. As many as 37 percent of people say they forget a password at least once a week. Even more concerning: some of the most popular passwords used in 2016 included “123456” and the word “password” itself.

In the workplace, employees today are expected to manage a growing number of IDs and passwords too – many of which provide access to confidential corporate or customer data. Poor password practices and the rise in identity theft have forced IT departments to enact stricter password rules, further exacerbating the password management problem for employees.

Fortunately, biometric authentication is changing the mobile security paradigm, offering a way for enterprises to defend corporate data against current and emerging threats. Biometrics take the burden off the employee; if their fingerprint or iris is their password, it will inherently be unique and they should have no issues remembering it. The technology is available today, but enterprises will need to take proactive steps over the next several years to ensure they are effectively leveraging biometric authentication in their security architecture.

Password Practices

Password management in business still lacks a level of standardization across industries, even with so many reports of hacking, malware and ransomware attacks across businesses and government.

Organizations might have unofficial password management standards, or none at all, often leaving passwords at the mercy of human error. Some users may store their passwords in a paper notebook, an unencrypted file or their web browser, according to a report from SANS Institute. Enterprises dependent on software-as-a-service applications offer the option for users to set two-factor authentication, but it doesn’t mean every organization is mandating employees to use it.

As a mobile device manufacturer, Samsung has sought to address this problem in a couple of ways. First, we’ve added secure biometric authentication features to many of our devices and strived to make them as easy as possible to use. The new Samsung Galaxy S8 takes this to the next level, offering a choice of fingerprint or iris scanning technology for secure biometric authentication.

Second, we’ve introduced Samsung Pass, a management tool that allows you to use your biometrics to replace passwords in your accounts (specifically when using the Samsung web-browser). This technology integration aims to balance security and convenience on both personal and work devices, helping consumers to take charge of their digital lives.

Our focus in the coming months is on building out the Samsung Pass ecosystem by allowing its integration into key consumer-facing applications and services. Samsung is working with many of the top banks, for instance, to integrate Samsung Pass into their services, making mobile banking more secure and simple.

What Does Samsung Pass Mean for the Enterprise?

For the enterprise, our aim with Samsung Pass is to provide customers with a simple, secure and integrated biometric authentication platform to securely manage their employees’ access to corporate data and systems.

This will be of particular interest to customers in healthcare, financial services and government, where security and compliance are always a top concern.

Samsung Pass provides defense-grade protection with Samsung Knox and through the use of public key cryptography. Enterprises can use the Samsung Pass platform to leverage advanced biometric authentication features in their applications, significantly reducing development efforts.

We are putting a lot of thinking and hard work into making Samsung Pass enterprise-ready, including allowing multi-modalities depending on the customer’s needs, and planning integration into our Knox Workspace data separation solution.

Emergence of Iris Scanning Technology

Iris scanning, in combination with Samsung Pass, offers a powerful authentication solution for the enterprise. While there are reports of fake fingerprints fooling fingerprint scanners, there’s much less threat of a fake iris because each part of the human eyeball (iris, pupil and sclera) has different IR reflection rates. A cybercriminal can’t use a picture or artificial eye, because neither has reflection rate differences.

Iris scans stored on the device are digitized and saved in Knox TrustZone as an encryption code. Our support for TrustZone and public key cryptography ensures device and server-level security and provides a strong foundation for consumer or enterprise-secured services involving sensitive data.

With all the threats facing mobile users today, password management is no longer sufficient. Biometric authentication is a must for enterprises who want to protect their employees and their data from current and emerging security threats.

Unlock your phone with a look with advanced iris scanning technology