iPhone 5S: fingerprint reader for the masses

Mass adoption of new technologies is really, really hard. Not only does the tech have to just work for everyone (a design and engineering problem), but it must also be perceived to be useful enough to overcome the learning and inertia hurdle.

Consider the following examples, all from the last decade, where it is now “normal” to:

  • download and run small programs on a handheld computer
  • use touchscreen devices intuitively
  • easily make micro-payments, including in-game purchases
  • carry around enough music and video to last a lifetime
  • expect our geographical coordinates to be always available and mapped

All of these and more represent huge shifts in mass market expectations and everyday life. All of them largely owe their success to the genius of Steve Jobs and his last years at Apple.

We need to stand back and see how things have changed over the last decade to truly appreciate what Steve Jobs achieved. He wasn’t the first with any of these; his genius lies in making them both just work and highly desirable for everyone. The new normal. A truly remarkable and wonderful achievement.

Touch ID

The iPhone 5S has a fingerprint authenticator called Touch ID integrated with the home button. Apple’s video is a great, customer-friendly explanation of how it works as well as the benefits.

So many businesses have tried and failed to make biometrics work for people. It takes an Apple to make fingerprint readers “normal”. Everything about it is quintessential Jobs: brilliant design, easy-to-use tech, and quickly copied by others. Within a year or two, people will be using their finger for authentication in a variety of situations and devices without hesitation. Sheer brilliance.

Even Yahoo boss Marissa Mayer, who couldn’t be bothered to use a passcode to protect her iPhone, is a fan. This is despite the fact that she should be aware that the passcode encrypts her iPhone.

But, but… fingerprint database for the NSA?

In a post-Snowden world, I’m totally for paranoia and mistrust. Even then, I have to say it is extremely unlikely that the Touch ID will facilitate a global fingerprint database for the NSA and its intel partners.

Fingerprints will be an optional way (as an alternative to passcodes) to verify identity rather than as a way to determine identity, i.e. confirming it is the same person each time without necessarily knowing who the person is. Further, the iPhone 5S’ A7 chip stores a one-way encrypted value of the biometric template derived from the fingerprint rather than the fingerprint itself.

While no one can guarantee that the NSA will not pervert Touch ID in the future, there are so many easier ways to get a person’s fingerprint. Personally, I don’t see any real probability of the NSA getting a global fingerprint database out of Touch ID and will not hesitate to use it myself. If the NSA or GCSB want my fingerprints, they already have them readily available via the US border control procedures for visitors.

“Fingerprints are lousy authenticators”

There is no doubt that fingerprints have significant limitations as authentication keys:

  • Static: fingerprints can’t be changed.
  • Not secret: it’s entirely feasible to get a person’s fingerprint without too many problems. Publication of the German Interior Minister’s fingerprint by hackers remains a classic example. Another one is the famous Gummi Bears spoofing (though Touch ID with sub-dermal fingerprints makes it harder to spoof).
  • Variable: for example, after a bath or swimming. This requires tuning Touch ID towards minimising false rejections of true fingerprints.
  • Exceptions: as with any system, handling exceptions is important. For example, a person losing a finger.

Touch ID manages some of these limitations very well. For example, it allows multiple fingers to be used, in any orientation (another brilliant design decision). There is always the possibility that a thief will hack off the owner’s finger, as happened when a Mercedes protected by fingerprint recognition was stolen in Malaysia, but Touch ID uses capacitive tech which requires the finger to be live. So it is probably as dangerous as a thief forcing a person to enter a passcode.

All in all, fingerprint authentication for local access to a mobile device is a great balance between convenience and security.

Touch ID will allow ‘two-factor authentication’: something you have (the iPhone) and something you are (fingerprint). This is perfectly good enough to unlock the iPhone and purchase an app from the iTunes Store.

For high risk transactions, adding in the third factor of something you know (password or passcode) makes for strong authentication with minimal barriers. However, as of now, Apple has said it does not intend to allow Touch ID to be used by apps and online services (like banks).

Added bonus?

As Robert O’Brien has noted, Touch ID may be able to be used for Close Capacitive Coupling Communication. This opens up all sorts of future possibilities, for example the Connected Me concept of “your body is part of a network – able to transmit information, images and codes – simply by touching an object.”

Go for it

My advice for anyone buying an iPhone 5S: go ahead and enjoy the convenience of using your fingers to unlock your phone. It’s soon going to be the new normal in any case, despite warnings from some experts.

One thought on “iPhone 5S: fingerprint reader for the masses”

  1. Of course now with Apple Pay, Touch ID and your bank are getting closer to nirvana. I for one welcome these small steps towards better security. My finger is a little more secure than an easily snooped 4-digit passcode.
