Should mobile apps be secured with strong authentication?
The answer is - obviously – YES, especially when you look at the kind of malware and vulnerabilities that are roaming around.
When you launch your latest purchased app on your smartphone or tablet for the first time, you are asked to fill in your username and password. There is a big chance that those credentials are then memorized by the app, so that this information resides somewhere on your phone or tablet.
You trust it is encrypted and stored in a secure way. However, Starbucks users experienced the opposite.
Unfortunately, there is lot of malware out there. 99% of all mobile malware is made for the Android platform. HP Enterprise Security reports in their Cyber Risk Report that
- 56% of the applications that were tested, exhibit weaknesses of revealing information about the application, its implementation or its users;
- 74% of the apps exhibit unnecessary permissions;
- 80% of the apps are vulnerable to misconfiguration vulnerabilities.
These are scaring figures, in particular if you know that by 2017, mobile apps will take over the web, according to Gartner.
Luckily, app builders can use proven solutions to integrate one-time passwords (OTPs) into their applications. Some developers choose an SMS solution, which implies that an SMS containing a unique OTP is sent to the user. However, this does not work if your tablet does not contain a SIM card. Others use an application that generates one-time passwords that have to copied and pasted into the password field by the user himself.
Yet, smarter is the in-app one-time password possibility, available with the MYDIGIPASS authenticator. There is no need anymore to copy/paste, as the app integration makes sure that the OTP is injected directly into the password field. To increase security, the user also has to fill in his PIN code. Real two-factor authentication is thus achieved.
This approach leads to the perfect balance between banking level security and optimized user convenience.
Your app is worth it….