Apple's Touch ID: A game changer?

Moderated by Larry Dignan | September 16, 2013 -- 07:00 GMT (00:00 PDT)

Summary: Apple builds a fingerprint sensor into its flagship phone. Big deal? Our experts debate.

David Braue

David Braue

Yes

or

No

John Fontana

John Fontana

Best Argument: No

41%
59%

Audience Favored: No (59%)

The moderator has delivered a final verdict.

Opening Statements

Big step forward in user authentication

IT managers face a huge threat to global security: lazy users. The latest Microsoft Computing Safety Index (MCSI) confirms that – despite decades of both watching spy movies and being begged and browbeaten to follow company security policies – users still can’t be trusted to do the right thing.

They simply will not inconvenience themselves for security, so their smartphones are sitting ducks – and so is their employers’ sensitive data. Touch ID is the first real hope of fixing this, since even security-oblivious idiots aren’t likely to lose their fingers.

It's gimmicky and limited in its initial release, but its potential to revolutionise information security (not to mention e-commerce) is significant. Apple’s history suggests it will steadily expand the Touch ID API over time – allowing mobile device management (MDM) platforms to mandate fingerprint scanning for access to devices, or even to individual applications. It could also be used for de facto sandboxing by managing multiple user profiles – each with tight app and resource access controls.

Because fingerprints are non-repudiable, they provide legally enforceable audit trails of access to corporate systems, enterprise apps, and the like. They may not stop a mugger from hitting an employee over the head with the phone, but in all other respects widespread and consistently good fingerprint scanning is the biggest step forward in mass-market user authentication in more than a decade. If this doesn’t improve mobile security, nothing will.

Touch ID is a consumer toy

The mobile fingerprint reader game is already off track. (See 2011. Motorola ATRIX 4G.) So Touch ID: not unique, not a game changer.

But hooray, Apple just eliminated two passwords from the stuffed cache of credentials the average user maintains. And on a device that averages 41 applications per user.

In a world defined by connectivity and single purpose apps, Apple's authentication entry is a consumer toy. In the enterprise, a germ tray. With zilch connectivity to backend ID and access management systems or cloud applications, what should be a security improvement and second-factor is neither.

And without an SDK, developers that made the App Store explode won't be able to lift a finger to raise Apple's security profile above a whimper. If Touch ID ignites the same closeted authentication engine mentality among other device vendors, it should ensure the death of secure cross-environment, cross device connectivity the cloud requires.

See also:

 

 

Talkback

53 comments
Log in or register to join the discussion
  • Why the need to make a comment ...

    ... just to vote.
    I wasn't planning to , but as I have to, I don't see it as a game changer any more than when fingerprint recognition was installed on phones previously, as stated by John. I don't see it as any more of a game changer than face recognition on Android phones, which hasn't exactly set the world alight. Having said that, I'll be interested to see the arguments on either side.
    DJL64
    Reply 5 Votes I'm for No
    • The same, but different

      DJL64, it's true that 2 years ago the Motorola Atrix was the first mobile phone with a fingerprint reader, but the ease of use, accuracy, and other features of the Apple/AuthenTec scanner hardware and software on the iPhone 5S is a much more advanced system.

      Comparing the two is like saying Apple's iPhone was not the first smartphone (which is also true), but the iPhone completely changed what we now take for granted is a "smartphone".

      The same with the iPad. There were tablets around for years before (including Apple's early tablet, the Newton) but none of them hit the mark or became popular. But the iPad changed the landscape. Now, all other tablets are more like the iPad than the tablet efforts that preceded it.

      The fingerprint scanner on the iPhone 5S is that much more advanced and different than the Motorola Atrix scanner.

      It is up to Apple whether they decide to license this new technology, or not, since Apple bought AuthenTec two years ago, and has developed this new scanner hardware and software over the past two years.

      If Apple doesn't license this new technology to its competitors, it will be up to other smartphone manufacturers to develop an equally high-quality system on their own.
      anonymous
      Reply 2 Votes I'm Undecided
      • One of the major differences

        In additional to ease of use, and accuracy, there is another important way in which Apple's fingerprint scanner is different and more advanced than other companies' previous attempts.

        Apple's scanner cannot be "tricked" into working with either a severed finger, or a lifted image of someone's fingerprint.

        This is because the sensor in the iPhone 5S utilizes two methods to sense and identify your fingerprint:

        Capacitive -- A capacitive sensor is activated by the slight electrical charge running through your skin. We all have a small amount of electrical current running through our bodies, and capacitive technology utilizes that to sense touch. This is also the same technology used in the iPhone's touchscreen to detect input.

        Radio frequency -- RF waves do not respond to the dead layer of skin on the outside of your finger -- the part that might be chapped or too dry to be read with much accuracy -- and instead reads only the living tissue underneath. This produces an extremely precise image of your print, and ensures that a severed finger is completely useless.
        anonymous
        Reply 6 Votes I'm Undecided
        • It will be cracked...

          it's just a matter of time. Everything is eventually.
          kstap
          Reply 6 Votes I'm Undecided
          • Bust a Myth!

            You're safe as long as Adam Savage doesn't lift a copy of your fingerprint!
            jallan32
            Reply 6 Votes I'm Undecided
          • None of the Mythbuster tricks will work

            on TouchID. It reads the subdermal layer, checks for capacitance, takes a 3D map of the print, etc. In other words, it's a whole heck of a lot more advanced than your typical PC fingerprint reader. Which is why the "No" guy is just spouting his ignorance when he compares it to the Atrix
            baggins_z
            Reply 5 Votes I'm Undecided
          • ' "No" guy is just spouting his ignorance'

            Are you referring to my earlier comment Baggy? Is that your best reasoned argument, to insult someone you disagree with.
            I expect this fingerprint reader to be quite useful, time will tell. I just don't think it will be a "game changer". No, that's not a fact, just an opinion.
            I didn't actually compare it to the technology in the Atrix either, I just said it wasn't the first fingerprint reader in a phone. Try reading Harvey' response. I don't agree with him (well maybe 50/50) but he does make quite reasoned points.
            DJL64
            Reply 2 Votes I'm Undecided
        • RF scanner detects moisture, actually

          so a dead finger would still work if it were kept moist. What did they do to test it, cut off someone's finger? But you're right about a lifted fingerprint.

          But nobody cares about that, as what are the chances someone would kill you or sever your finger just to get access to the iPhone they stole from you, especially when there are plenty of ways to get around the security if they actually possess the phone, including hard resets. And no, you can't remotely brick the phone if someone steals it from you, so the incentive to steal is still there.

          What would be a game changer would be if they built in the capability to brick the phone if it's stolen. There is only one brand of smart phone that has that capability built in, and that is BlackBerry. It would be the easiest thing in the world for Apple to build that capability into the iPhone as it has a unique device ID that survives hard reset, but they don't/won't do it.
          Jacob VanWagoner
          Reply 4 Votes I'm Undecided
          • Activation Lock - Bricking

            With IOS 7 activation lock you can remote wipe and brick the device, you need to enter the apple ID and password to be able to do anything with the phone.

            Recovery mode won't even bypass this. Same if you didn't wipe it and had an authentication of some kind to get past the lock screen.

            Incidentally, my employer announced today that Touch ID will be acceptable in favour of 6 digit pins
            Jonsyd
            Reply 4 Votes I'm Undecided
        • Big Enterprise Miss

          I have to go with gimmick ... The only way this could be even remotely aceptable in an enterprise environment would be as part of a two-part authentiication factor. It's ot and not likely to be. Big business has some very stringent guidelines on the use of biometrics. Most companies that have computers with fingerprint tech shut it off. No matter ow mch effort Apple ut into his, unless they are willing to open it up to allow inclusion in an authentification system designed by enterprise, not Apple, any traction it gains is minuscule, at best.
          rhonin
          Reply 2 Votes I'm Undecided