Are you ready to start using smartphone credentials as part of your access control system? We carry our smartphones with us everywhere. We use them for multiple forms of communication, snapping photos, staying social, and shopping. They are our voice, our camera, our computer and our wallet, so why not our keys?
According to a recent Pew Research Center survey, 77 percent of US adults own a smartphone. If technology cost continues to decline and phone quality improves, the number of adults owning a smartphone will continue to grow. Soon it will be as difficult to buy a ‘dumb’ phone as it is to buy a ‘dumb’ TV.
Not All Smartphones Are Alike
The four major OSes on the market (Android, iOS, Windows, and Blackberry) all use different modes of authentication, and there is no industry standard. Several manufacturers are embracing two-factor authentication, which binds the phone to the owner by using fingerprint or photo identification. Since 4-digit passcodes have become so easy to hack, they will eventually become a thing of the past.
Related Article: Do We Need To Be Reminded About Password Security
So, is the time right for smartphone credentials?
While most of these devices have NFC (Near Field Communication), they don’t all adhere to the same standard. Apple’s iOS uses NFC strictly for their ApplePay protocol. They aren’t about to open that up to other applications for fear that it would jeopardize security.
Are smartphone credentials secure enough to use as part of your access control system?
Well, there is still the Bluetooth protocol. While it has a short-read range and a rather slow data transmission rate, it is still the most viable option for use in access control. Bluetooth 5 was released in December of 2016 and is said to have four times the range, two times the speed and eight times the broadcasting message capability of the previous version.
Many access control system manufacturers have readers that are Bluetooth enabled and to swap out existing card readers is relatively inexpensive. Many of these newer access control readers are ‘multi-technology’ which allow for backward compatibility with your older credential technology (NXP-Mifare, HID Prox, Felica and even mag-stripe).
Are smartphone credentials the answer?
Is the technology ready for prime time? I’d say we are getting close. As with any new technology, for every advantage there are disadvantages. While smartphones are more secure on many levels, they can add a level of complexity administratively to your access control system.
Instead of issuing a credential (card) to the end-user, the end-user must register their credential (device) with you. If they get a new or replacement phone, they must re-register their device with your access control system. That said, people are less likely to lose or damage their phones as they are their other credentials.
With the rapid advances in smartphone technology, there may be yet some other technology that pops up. Whatever the new technology is it will hopefully standardize and streamline the credentialing process. Stay tuned.
About the Author:
John Castrege is the Security Systems Administrator for Campus Safety at Haverford & Bryn Mawr Colleges. He holds a Bachelor of Science in Criminal Justice from York College of Pennsylvania and a Masters of Software Engineering from Penn State University.