The Benefits and Challenges of Using Mobile as Credentials
How long before your phone replaces your access credentials at work? Smartphones have already begun to replace traditional lock-and-key setups in the home, and with the business world continuing to move in a more smartphone focused direction, a world where you tap your phone to gain access to your office probably isn’t too far off. The technology already exists, but implementation is not without its hurdles. While generally outweighed by the benefits, there are several potential challenges when it comes to using your smartphone as a credential. Smartphones have become ubiquitous, but cards and FOBs are still cheaper to produce. Even though users are likely to have their phone on them constantly, access badges usually include a picture and are always meant to be visible. Still, as the technology improves, it’s likely that smartphone verification is going to become more prevalent. As this trend becomes more commonplace, it’s worth weighing the pros and cons.
Firstly, let’s look at the benefit of using your smart phone as access credentials for your building.
- Smartphones are more secure than traditional access cards or FOBs. With the introduction of biometrics in modern smart phones (fingerprint sensors and face ID), even though someone might be able to get their hands on someone else’s phone, it’s no guarantee that they’ll be able to unlock it.
- Smartphone-based credentials are very difficult to clone.
- Smartphone-based implementations can reduce installation costs by leveraging an asset that everyone is already carrying around with them.
- Smartphone credentials are capable of much more than traditional card-based systems. Smart phones are capable of Multi-Factor Authentication (MFA), location awareness, mass notifications, and revocation can be done remotely.
These benefits add up to a pretty effective system for access control, not to mention the fact that users are highly unlikely to share phones with one another the way they might with their key-cards, and they’re probably aware of where their phones are at all times. In fact, we’d wager that most of you have your phones within arms’ reach right now.
Of course, as new technology emerges, there will be pushback. This isn’t a bad thing as it forces developers to overcome roadblocks to make systems as secure as possible. The difficulty comes from separating valid objections from merely an aversion to change. Going forward, the biggest issues with mobile credentials are:
- Physical return of credentials. When someone parts ways with an employer, a physical access card or FOB would be collected. With a smart phone-based system (especially in a case where employees are bringing their own devices) this is obviously problematic. You can’t ask an employee to turn in their The only solution to this problem is to ensure that your protocol for remotely disabling credentials is foolproof. If it is, this issue becomes a benefit, as you can revoke credentials at any time. Forgetting to have a card turned in or encountering any resistance from an employee is no longer a factor.
- Lack of a picture ID. With many physical access cards, a photo of the employee will be added as a second form visual verification. These cards are often clipped to an employee’s shirt or belt making it visible at all times and allowing people to identify them immediately. Phones are generally kept in pockets and would only be brought out at an access point. This issue’s importance will vary based on your business’ level of sensitivity when it comes to your assets or people. In the Security Industry Association’s (SIA) article, Overcoming Objections to Smartphones as Your Credential they offer the solution of using smartphones as credentials, but printing photo ID badges with no credentials, specifically for visual verification. Additionally, all modern access control systems allow for a head shot to appear when credentials are presented to a reader. If a picture has been taken of the employee, and someone is present to identify them, they can verify that the person who presented the card or phone is the proper individual. It’s even possible to speak with the person in video which will allow for facial recognition with CCTV integration with the access control software.
When all is said and done, one of the biggest benefits that those who choose to implement mobile credentials will see is lower installation costs. The SIA points out that “A smartphone credential adds significant functionality over a traditional credential and is always upgradeable to add new capabilities – all for the same cost, or less…Also, users do not require a reader to enter a door, so enterprises can eliminate readers on most doors to keep the entrance looking clean and to reduce installation costs.” When you couple this with the other benefits of mobile credentials, it becomes clear that this will more than likely become the preferred method of access control for most workplaces in the near future.