App security is a highly important part of mobile banking. Not only is account authorisation necessary on each trusted device, but you must also worry about constant on-device account security. While we would like to think of each mobile device as being exclusive to one user, that’s not really how the world works. People lend their phones to friends and family all the time. Phones get left on counters and tables and dressers at home. Phones are borrowed by a customer’s children, and phones are lost or stolen.
In other words, you never know who will be holding a customer’s phone next. This is why auto-login, where a device can always immediately re-access a mobile banking account, is not secure. Instead, mobile banking apps need quick and convenient ways for their customers to re-authenticate every time a device is picked up.
The Password Alternative
The re-authentication process is something that many mobile apps have struggled with. On one hand, customers hate tapping in their passwords over and over again. On the other hand, automatic logins are one of the biggest security risks in the mobile app industry.
The solution is secure password alternatives. Mobile apps of all types have been experimenting with alternative ways to authenticate a login without going through the password or confirmation code process every time. These new methods are not only faster and less tedious than traditional password re-authentication, but they are also less targetable by hackers who have been perfecting their password theft techniques for decades.
Let’s take a look at the leading five authentication alternatives to quickly reactivate mobile banking apps without revealing accounts to phone thieves or family members:
1) Biometric Scans
Biometric scans cannot yet check a user’s DNA through their phone, but many high-end devices can accurately scan a user’s retinas or fingerprints to verify that the correct person is holding the phone. Every time a mobile device goes to sleep, your banking app should log out and create a placeholder for re-authentication. For customers using capable devices, fingerprint and retina scanning can become quick and easy ways to be certain that accounts are not being accessed by the wrong individual.
2) Personal File Security Questions
Security questions have been a much-debated subject of authentication for a few years. Some argue that hackers can steal security questions with a single invaded account, while others posit that security questions are an ideal way to thwart hackers who don’t know personal details of their targets.
The answer is to mix up your questions and answers. Rather than encouraging users to enter their own security questions or, worse, pick from a standard set of (researchable) questions, pull from their account or credit report instead. Pick random questions that hackers cannot study up for and that the account holder would know without having to think, such as past addresses, employers, or even recent transactions.
3) Dot-Draw Image Passwords
One of the most fun and under-utilised re-authentication options is image passwords. Image passwords rely on a user’s creative mind, physical movements, and memory to authenticate a type of password hackers can never crack. One such option is a connect-the-dots password. You give your users a grid of dots and encourage them to ‘make a password’ by drawing a picture connecting the dots.
They can then draw the same picture using the same dots each time to re-authenticate on a trusted device. Even a hacker looking over their shoulder is unlikely to properly replicate the exact image design and dot-use. And drawing a small picture is much less tedious than tapping in a complex password.
4) Memory Select Image Passwords
The other common image password is a game of memory. Initially, users are asked to select a collection of images in a specific order from a wide selection. When they log back in through a trusted device, the authentication can be replicated by tapping the same pictures in the same order. This works best with pictures that all have the same colour scheme (e.g. paintings of autumn scenery) but different details, so that someone glancing over a person’s shoulder could not easily discern the difference between one image and another, or keep track of the sequence chosen.
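Both the dot-draw pattern (section 3) and the memory-select image sequence (section 4) reduce to the same secret: an ordered sequence of chosen items on a trusted device. The following is an added example, not code from the original article or from Fern Software, showing how such a sequence would be enrolled and checked on-device: only a salted, stretched hash is stored, the comparison is constant-time, and the quick path locks after a number of failures so the user must fall back to the full login. The grid size, minimum length, attempt limit and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 4      # assumption: policy minimum for an enrolled sequence
MAX_ATTEMPTS = 5    # assumption: failed quick re-auth attempts before lockout
ITERATIONS = 100_000  # assumption: PBKDF2 work factor for the stored hash


def validate_sequence(choices, item_count):
    """An ordered path over item_count dots (or images); each item used at most once."""
    if len(choices) < MIN_LENGTH or len(set(choices)) != len(choices):
        return False
    return all(isinstance(c, int) and 0 <= c < item_count for c in choices)


def _stretch(choices, salt, iterations):
    # Join with a separator so e.g. (1, 23) and (12, 3) never encode identically.
    material = ",".join(str(c) for c in choices).encode()
    # A 3x3 grid has a small keyspace, so stretching plus the attempt limit below is
    # what makes this acceptable as a re-authentication factor on a trusted device;
    # the record itself belongs in the platform keystore, not plain app storage.
    return hashlib.pbkdf2_hmac("sha256", material, salt, iterations)


def enrol(choices, item_count):
    """Store only a salted, stretched hash of the sequence, never the sequence itself."""
    if not validate_sequence(choices, item_count):
        raise ValueError("sequence rejected by policy")
    salt = os.urandom(16)
    return {"salt": salt, "digest": _stretch(choices, salt, ITERATIONS),
            "iterations": ITERATIONS, "item_count": item_count, "failures": 0}


def is_locked(record):
    return record["failures"] >= MAX_ATTEMPTS


def reauthenticate(record, choices):
    """True on a match; counts failures and locks the quick path after MAX_ATTEMPTS."""
    if is_locked(record):
        return False  # locked: the app must require the full password login instead
    candidate = _stretch(choices, record["salt"], record["iterations"])
    if hmac.compare_digest(candidate, record["digest"]):
        record["failures"] = 0
        return True
    record["failures"] += 1
    return False
```

For the image variant, `item_count` is simply the number of pictures in the selection pool and `choices` the indices tapped in order.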
5) Voice Passphrase
Finally, voice analysis technology has also improved in the last several years, and voice passphrases have become a more reliable form of security. You may be able to offer your users the option of speaking or even singing to their phones in order to re-authenticate their mobile banking accounts. A small audio clip provided by the user can be analysed and compared to a record of their voice. This works best if you encourage users to choose special phrases, sounds, songs, or tones of voice that would be difficult or even embarrassing for another person to try and replicate.
When securing your mobile banking apps, remember that multiple layers of authentication are necessary. Not only must you use secure passwords and security codes for a device’s initial login, but re-authentication is vital to ensure stolen or borrowed devices don’t result in an account breach.
To find out more about Fern Software solutions, click here to request our brochures for free!