What is mobile authentication?
Mobile authentication is the verification of a user's identity via a mobile device using one or more authentication methods for secure access.
Mobile authentication can be used to authorize the mobile device itself or as a part of a multifactor authentication scheme for logging in to secure locations and resources.
While mobile authentication enables single-factor authentication, it possibly creates more secure alternative methods for authentication, including the following:
- Nontext passwords, where symbols or images are chosen from a randomly generated field.
- Digital certificates using public key infrastructure.
- Smart cards with stored authentication data.
- Out-of-band authentication, where the user places a call to obtain authentication.
- One-time passwords input via phone apps or text messages.
- Biometrics, such as finger scanning, facial recognition or iris scanning.
Some organizations require extra security beyond ID and password for authentication, but added devices and methods can make the procedure too cumbersome for employees. The ubiquity of smartphones can help ease the burden, however. Most smartphones have a Global Positioning System (GPS) component, enabling reasonable confirmation of login location; a camera for facial recognition and iris scans; and a microphone for voice recognition.
Mobile devices that use more than one of these capabilities are functionally multifactor tokens. For example, a smartphone software token app can tap into GPS location or use biometrics, all within a device the user carries anyway. For administrators, the main benefit of a software implementation is that there are no extra physical devices to manage.
Editor's note: This article was written in 2014. TechTarget editors revised it in 2023 to improve the reader experience.