Best Argument: No
Audience Favored: No (59%)
Big step forward in user authentication
IT managers face a huge threat to global security: lazy users. The latest Microsoft Computing Safety Index (MCSI) confirms that – despite decades of both watching spy movies and being begged and browbeaten to follow company security policies – users still can’t be trusted to do the right thing.
They simply will not inconvenience themselves for security, so their smartphones are sitting ducks – and so is their employers’ sensitive data. Touch ID is the first real hope of fixing this, since even security-oblivious idiots aren’t likely to lose their fingers.
It's gimmicky and limited in its initial release, but its potential to revolutionise information security (not to mention e-commerce) is significant. Apple’s history suggests it will steadily expand the Touch ID API over time – allowing mobile device management (MDM) platforms to mandate fingerprint scanning for access to devices, or even to individual applications. It could also be used for de facto sandboxing by managing multiple user profiles – each with tight app and resource access controls.
Because fingerprints are non-repudiable, they provide legally enforceable audit trails of access to corporate systems, enterprise apps, and the like. They may not stop a mugger from hitting an employee over the head with the phone, but in all other respects widespread and consistently good fingerprint scanning is the biggest step forward in mass-market user authentication in more than a decade. If this doesn’t improve mobile security, nothing will.
Touch ID is a consumer toy
The mobile fingerprint reader game is already off track. (See 2011. Motorola ATRIX 4G.) So Touch ID: not unique, not a game changer.
But hooray, Apple just eliminated two passwords from the stuffed cache of credentials the average user maintains. And on a device that averages 41 applications per user.
In a world defined by connectivity and single purpose apps, Apple's authentication entry is a consumer toy. In the enterprise, a germ tray. With zilch connectivity to backend ID and access management systems or cloud applications, what should be a security improvement and second-factor is neither.
And without an SDK, developers that made the App Store explode won't be able to lift a finger to raise Apple's security profile above a whimper. If Touch ID ignites the same closeted authentication engine mentality among other device vendors, it should ensure the death of secure cross-environment, cross device connectivity the cloud requires.
- Apple's Touch ID doesn't match enterprise security's fingerprint
- iPhone 5s with Touch ID is a big win for BYOD security
- iPhone 5S fingerprint reader: Doubling down on identity, a death knell to passwords?