With the introduction of “Touch ID” on Apple’s new iPhone 5s, biometrics went mainstream. While “biometrics” sounds nerdy now, it won’t for long. It’s joining other terms reimagined by Apple, including MP3 player, smartphone, and the very idea of the personal computer itself.
Biometrics ID’s people by physical characteristics - their fingerprints, voiceprints, or even eyeballs.
“Biometric authentication” is already used on products including door locks, gun safes and notebook computers.
Apple is using biometric authentication on the new iPhone because it's a gee-whiz technology with apparent benefits, convenience being the biggest one. But there are many concerns around the use of biometrics in mass-market consumer electronics, especially when it relies on fingerprints.
Older biometric authentication systems were easily tricked with fingerprint casts made of play-doh, or black and white photocopies of fingerprints. And Apple’s Touch ID system has already been bypassed by a German Computer Club. Their simple hack requires a high-quality copy of a person’s fingerprint. But in many situations, it’s easier to lift a high-quality fingerprint than guess someone’s passcode.
This highlights another problem with using fingerprints as passcodes: you can always change a passcode, but you can’t update your fingerprints. I should note that you can still use a passcode instead of fingerprint access on the new iPhone; Touch ID is just an option.
Of course, many people don’t use a passcode of any kind on their smartphone, even though it’s full of personal emails, family photos and financial information.
An alternative to biometric access is two-step authentication, requiring both fingerprint and passcode. Apple doesn’t offer this yet, but might in a future update.
Unfortunately, that level of security would be inconvenient, especially for those of us who frequently use our smartphones. That’s the reality of the current state of digital security - simply put, it’s nearly impossible to create strong, reliable security that’s also simple and fast.
There are other concerns with Touch ID, such as hackers stealing copies of people’s fingerprints. The iPhone doesn’t actually store that information, but a more gruesome concern involves literal hacking - of fingers. People are worried that thieves might start severing fingers to gain access to stolen iPhones.
Here in Vermont we have a more pressing issue with fingerprint scanners - the fact that we wear mittens and gloves much of the year.
Despite these concerns, the iPhone 5s is a huge hit, having sold out around the world. To make biometrics mainstream, perhaps it was inevitable that Apple chose a good enough security solution. As biometrics goes mass market, hopefully the conversation about its current limits will too.
