What does the smartwatch mean for IAM? Safer, more versatile authentication, easier mobile payments and less fraud

Today we saw the announcement of the Samsung smartwatch, Galaxy Gear. 

I am certain that this new smartwatch form factor will fill a niche: augmenting the input and output of a (Samsung, initially) mobile phone and device then with further miniaturization, take over more and more of the functionality of the smartphone.

Beyond the cool factor, there are immense and also immediate security benefits to be gained from a smartwatch:

  • You can use the smartwatch as an "invisible" token. If the watch is on your wrist, an application  running on the smartphone, mobile device or even a PC will sense the proximity of the smartwatch and thus authenticate and let you in. Without the smartwatch being nearby, you won't be able to (easily) log into the mobile application. This is very similar to Entrust's mobile phone token paired on Bluetooth with a PC, except now the smartphone is the PC and the token is the smartwatch. Further, it's a lot harder to steal your watch than it is to steal your mobile phone. The watch can also use motion, gait, etc. as extra factors for authentication beyond just "being there." Putting a fingerprint reader on a smartwatch may also be an easy way to authenticate users.
  • Voiceprint authentication to the watch and through the watch. This is where voice control and voiceprint authentication will come of age. Since the smartwatch lacks any other usable input interface other than voice control, using your voiceprint to authenticate to the 1) smartwatch  and its applications and 2) through the smartwatch to the smartphone or mobile device will be the easiest option. We expect that the above use case will give a whole new boost to the voiceprint biometrics market.
Read more

2013Q3 IAM Suites Wave is out today

 In Forrester's 16-criteria evaluation of comprehensive identity and access management (IAM) suites, we identified the nine most significant vendors in the category — Aveksa, CA Technologies, Courion, Dell, IBM, NetIQ, Oracle, Ping Identity, and SecureAuth — and researched, analyzed, and scored them. This report details our findings about how well each vendor fulfills our criteria and where they stand in relation to each other to help security and risk (S&R) professionals select the right partner for their enterprise, business-to-business, and consumer-facing IAM deployments. Get the document at http://www.forrester.com/The+Forrester+Wave+Identity+And+Access+Management+Suites+Q3+2013/fulltext/-/E-RES99281