With its move, Apple could end up making the technology commonplace, as rivals might feel compelled to follow suit. It could be only a matter of time before passwords and passcodes are relegated to yesteryear.
In making the iPhone 5S one of the first mainstream smartphones in the Western market to include hardware security, Apple has not only declared war on passwords and weak security, but it has begun to reinvent the notion of device and online identity.
The iPhone 5S' fingerprint reader will act as a first line of defense against would-be thieves and hackers — even intelligence agencies, to a degree — against identity and content theft, fraud, and surveillance.
Apple marketing chief Phil Schiller said at the Tuesday event that the Touch ID fingerprint scanner will be used to access a user's device quicker, as well as preventing unauthorized users from accessing a device's data. App purchases can also be used with the scanner.
The fingerprint data will be stored on the device, and will not be backed up to iCloud, Apple confirmed.
Once a feature traditionally aimed at business customers, fingerprint technology has increasingly seen an uptick in consumer devices, notably laptops. With a swipe of a finger, a device can unlock or decrypt documents without the need for remembering passwords.
But fingerprint reading technology has been dogged with problems — namely, that it's not so hard crack — and that’s something Apple is trying to address. Motorola first launched its Atrix smartphone with fingerprint reading technology, but it was reportedly dropped as consumers complained of errors. In Japan, many phones designed in part as digital wallets for electronic payments also feature biometric security. This trend is set to continue later this year, followingreports of a push in the South Asian market.
In doing this, Apple is not only going after consumers, but businesses — with iPhones and iPads making their way into more companies.
The path Apple took to reach this point officially started long before the company acquired fingerprint and biometrics firm AuthenTec for $356 million in June 2012, with patent applications spanning back as early as 2009. Later, in October 2012, Apple inked a deal with Australian fingerprint security company Microlatch, sparking further rumors that a future iPhone would include fingerprint recognition technology, along with other security features embedded in its iOS software.
Biometric and fingerprint technology has long been criticized by security experts. Biometrics are not an exact science and can be fooled. In some cases, confectionary and Play-Doh can be used as simple and cost-effective ways to skirt fingerprint security.
Apple's bid to future-proof the iPhone meshes well with existing security shifts and trends such as epidemic levels of phishing, device thefts, and malware. Its new fingerprint sensor likely means basic password security will take a backseat in favor of an increased focus on personal online identity. And it could negate the need for two-factor authenticationand password-reset questions.
The move may help companies like PayPal, whose apps and payment services rely on ensuring the utmost levels of security.
PayPal Chief Information Security Officer Michael Barrett alluded to the iPhone 5S’ upcoming biometric technology at the Interpol conference in May. He said, according to Macworld, that users pick "poor passwords" and "reuse them everywhere." He added: "That has the effect of reducing the security of their most secure account to the security of the least secure place they visit on the Internet.”
PayPal this year helped launched the Fast Identity Online (FIDO) Alliance, which is aiming to do away with passwords and codes, focusing instead on common and open standards. BlackBerry, Google, and Lenovo, a major player in the Chinese market, are also members of the group.
While devices may be replaceable, data loss can be catastrophic for the owner if it lands in the wrong hands. Despite backups and cloud-based storage, this "security" to "identity" shift suggests the iPhone maker recognizes that data is tied to an identity, not an easy-to-crack access code.
It comes just months after calls from New York Attorney General Eric Schneiderman for the smartphone industry to make devices and data more secure.
Apple execs met with Schneiderman and San Francisco District Attorney George Gascón, but the company was already doubling down on software security. Pre-release versions of iOS 7already included an "activation lock" feature, which requires users to enter a valid Apple ID to authenticate the device. This de facto "kill switch" is designed to bolster the device's security at a software level.
The possibilities for this technology could change the entire personal security landscape altogether.
While a password can be as secure as a four-digit code or lengthy alphanumerics, a fingerprint could become the gateway to Web-based authentication — something not too uncommon in this day and age where we make payments electronically or wirelessly from our smartphones.
The app ecosystem will now be able to tap into a reliable and secure mechanism that can authenticate the person, not the device or the data, as the digital signature behind transactions and decisions. The possibilities extend as far as in-app purchases, banking, and connecting to virtual workplaces, while at the same time reducing accidental app and game purchases and adding an extra layer against malware.
While Barrett remained optimistic that this year more devices will contain identity management and security technology, he was less so about the death of the password. "Passwords won't disappear overnight," he said.
However, Apple has fired the starting pistol on what it sees as the future of security and online identity, with a layered and multifaceted idea of how we connect with our devices and how our devices represent the user on an identity level.