Great Debate: Apple needs to get off its island

Summary: ZDNet debate concludes Touch ID is not a game-changer

TOPICS: Apple, iOS, Security

Update at 12:17 pm PDT with patch for Touch ID flaw

Apple's new Touch ID fingerprint reader sure has garnered a lot of comment given that today is the first day people can actually get their fingers on it.

While there is buzz, I successfully argued during this week's ZDNet Great Debate that there isn't significant game-changing appeal.

Biometrics are a slight improvement over usernames and passwords, but Touch ID is a proprietary Apple technology closed off from the rest of the authentication world.

That's Apple's MO. Look no further than iTunes and the App Store to see that Apple prefers the comfortable confines of its own temple. Apple's model is hardware and software in combination.

A connected cloud-based world, however, demands cross-domain, cross-device authentication and Apple can't see past its own screen.

My debate colleague David Braue argued that Touch ID is the first step in a long-term plan (SDK, multi-Apple device) and laid out all the potential integration points to come as Touch ID matures. Of course, none of that is confirmed by Apple, but deduced from prior art.

But enterprise IT can't build a strategy on speculation. It can't wait around for Apple to decide, and dictate, the course of action.

Today, the authentication and identity and access management game is changing fast. Vendors are multiplying, technologies are emerging (OpenID Connect) and maturing (two-factor authentication), interoperability tests are common, and standards are getting implemented (even one for provisioning!).

Waiting for Apple to build out its dream rests on the notion that once realized it will be nirvana; and that the rest of the tech world won't have budged in that 16-24 month period. In fact, Apple has already patched a fingerprint reader flaw in iOS7.

To wit, Apple's long-term authentication plan already has one slip. Touch ID was supposed to be spiced with iOS7's iCloud Keychain, a password management tool that fell out of the OS release.

The iCloud Keychain highlights Apple's mentality: it is a password vault, à la LastPass and others, for Safari, which has so far been walled off from those other password vault vendors in order to save the real estate for Apple's own authentication dreams.

The iCloud Keychain slip and deployment model don't instill confidence that everything else tied to Touch ID's future will come in on time, be interoperable, and arrive with spit and polish.

Apple wants to own the customer and that mentality won't work with current enterprise federated authentication ideals. And it didn't work with consumers when Microsoft tried it with Passport.

Regardless of how deep Touch ID's security may go, if Apple creates its own authentication environment it will alienate the enterprise - and consumers.

IT would have to build and support two identity infrastructures. One that adheres to Apple's strategy, and one that adheres to what the rest of the world is doing.

Value is the ultimate barometer and a split environment is of no value to anyone.

Apple needs to get off its island.

John Fontana is a journalist focusing on authentication, identity, privacy and security issues. Currently, he is the Identity Evangelist for strong authentication vendor Yubico, where he also blogs about industry issues and standards work, including the FIDO Alliance.

  • Couldn't be clearer

    We've already been notified that those who want the 5S for work will have the fingerprint option turned off.
    • Huh.. I wonder why?

      I mean you can always unlock it for them.. Also they can always add one of their fingerprints to the group. Or any normal MDM tool should still be able to manage it without direct access.
    • What a stupid decision

      There is Apple's management software for corporations, which is also updated. Tell your IT to get updated and actually READ how to deal with TouchID in a corporate environment.
      • It's about fragmentation

        Typically derailed against Android, this type of security is fragmented. Not only can you not apply the same security across all platforms but you would not be able to apply the same policy even across iOS since only new devices would have the security. This affects not only phones but tablets and even iPod touches.

        I certainly would not disable TouchID but we would still require a pin following complexity requirements on iOS regardless if it's an iOS7 w/ 5s.
        Rann Xeroxx
  • Bank of Apple

    I don't want my bank sharing their authentication system with other companies. Too many opportunities for abuse (or NSA intrusion).

    This small sensor is Apple's first "move" in their next revolution: banking. Once there are enough of these in people's hands, Apple can facilitate just about any payment transaction. From coffee and transit to parking and shopping.
    • Who cares

      about an NSA intrusion. Only the people with something to hide and tin foil hats.
      • bull

        Maybe you need works history huh?
      • Silly Rabbit

        On Facebook? You've already given away more information to the Zuck than the NSA will ever collect.
    • Not buying into the Apple ecosystem but...

      The NSA will track and know everything they want to know about you regardless if you use Apple ecosystem or not. Apple is actually one of the large tech organizations that you could trust a bit more with your data in that they are not only a closed garden with their ecosystem but with their data as well. It will not stop entities like the NSA collecting the data downstream but Apple goes out of its way to protect "their" data.
      Rann Xeroxx
  • What was ZDNet's

    opinion of the iPhone? Of iPad?
  • I'm using RoboForm

    I'm using RoboForm on my iPhone 5. I have 315 logons stored in it. Zdnet is one of them.

    I can see already that Apple can build a much better logon product given the pieces they currently have. I'm guessing I'll stop using RoboForm and move to the Apple product in about a year or 2.

    I agree that Microsoft tried to develop a better logon-technology. They tried to sell various technologies to the company I work for. But, Microsoft failed... in my opinion.

    I think we all want an excellent logon tool to exist. Maybe Apple can push the world in a better direction.
  • Apple is a consumer electronics company

    So your entire argument is based on a flawed premise. That Apple gives a rat's rear end what IT needs.
    • Exactly

      As long as consumers are impressed enough to keep buying the products, Apple keeps making money, and has no reason to change.

      Apple's a business, and this is what businesses do.
      William Farrel
      • Exactly

        And IT is a service provider, NOT a policy maker (rare cases excepted).
  • The Great Debate?

    @John Fontana
    "I successfully argued during this week's ZDNet Great Debate that there isn't significant game-changing appeal."
    No. You. Did. Not.
    How can you successfully argue something, a week before the event and months before data is available...when the device has yet to hit the market?
    Some people are just so full of themselves and pompous beyond compare.
    • Because

      You take the IDEA of it, then you create an argument based on the idea, not the implementation. They may be right, it may be a non-starter, but it really is too early to say.
      Michael Alan Goff
  • Apple Gold iPhone sold out!

    The Gold iPhone 5 has sold out til October!

    Microsoft wasted another bucket full of money buying the "Oh me oh my" reviews trying to stop the momentum in the face of their Surface launch. Just when they got the warehouse empty by hauling the unsold last model out to the dump too...
    Tony Burzio
    • Wow

      So you think Microsoft is trying to get bad reviews for a phone to stop momentum in the face of them launching a tablet?

      Michael Alan Goff
  • touchID is not the answer for enterprise

    Two factor is the standard. If only AAPL would include NFC - then they'd just have to ask a user to hold their company badge up to the iPhone, prompt the user for his PIN or Pwd, send that (encrypted) to the server and verify.
    But AAPL isn't really serious about the enterprise. In these days of cost cutting a company that won't negotiate high volume discounts (my > 20k BB using company) isn't going to get much of a slice of that market.