Tips on logging into secure areas using a mobile

Yesterday I mentioned five tips on some of the best ways businesses can help promote trust in mobile security. Here are some more pointers when logging in to a secure area of a site e.g. banking:

• If a user is concerned that their logging in details have been compromised (for instance, by using an unsecure network or by someone ‘peering’ over their shoulder), then give them the control to be able to go into their own account and change details (such as their password) themselves.
• Any access to a secure site should involve some type of information that is ‘held in the head’ and cannot be obtained from documentation that could be stolen e.g. date of birth from a driving license.
• Consider including some method of authentication – Barclays use PINsentry, a Chip Authentication Programme, which is a form of two-factor authentication as both a smartcard and a valid PIN must be present for a transaction to succeed.
• Do not allow users to be able to go straight into a secure site without having to enter some form of logging in information. For instance, my teenage daughter uses my mobile Facebook app to go straight into my account to put up funny (what she thinks are funny!) statuses to my account.