To emphasize this point, Apple shared a great statistic: their average user unlocks their phone 80 times a day. Other reports state people look at their phones upwards of 130 times a day but those are less of the average and more the heavier users. Regardless, the simple act of logging into our phone via a secure form of login like passcodes or fingerprints is now taken for granted in much of Apple’s ecosystem when, just a few years ago, anyone could have stolen my phone and had access to my personal information. Here again, Apple shared that 89% of their users with a Touch ID-capable device have set it up and use it.
While using a fingerprint reader or scanner for security purposes obviously wasn’t invented by Apple, this is yet another one of those cases where Apple took an existing idea, made it incredibly user-friendly, improved the hardware a ton, and now it’s the standard on every phone.
You know that all fingerprint readers available today can be overridden by rubbing, right? It is just security theater.
And by the way, I unlock my phone about once a week, unless answering the phone counts as “unlocking”.
Edited 2016-04-18 23:55 UTC
I am not keen on biometric security. I guess you can’t beat it for convenience, but ever since its inception as a secure digital lock it’s always left a lot to be desired with regards to security. Sure enough the iPhone is vulnerable to the exact same vulnerabilities that have long plagued other sensors.
Hacking it seems complicated to CBS News reporters:
http://www.cbsnews.com/news/iphone-fingerprint-reader-was-hacked-so…
And people forget that even though fingerprints are supposed to be unique, matching them is actually probabilistic due to the fact that inputs from the same person aren’t going to be exact matches: as you decrease false negatives, you end up increasing false positives.
With all the commotion over handing device keys to the government, well they already have millions of fingerprints, including mine. The San Bernardino phone could have been much easier to crack with a fingerprint. Once you factor in all the weaknesses it’s hard to conclude that fingerprint biometrics are good for anything more than casual security only. I would be wary of using it to protect something of real value.
Many of us have seen this cartoon, a corollary might be thieves using an axe or a saw to get an original fingerprint. Unlike the digital key, they don’t need your cooperation at all, terrifying really (we all know this is eventually going to happen…)
https://xkcd.com/538/
Edited 2016-04-19 00:18 UTC
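The trade-off described in the comment above (lowering false negatives raises false positives), shown as an added example that is not part of the original thread. The match scores, the threshold list and the function names are constructed for illustration and do not come from any real sensor.

```python
# Constructed similarity scores in the range 0..1 (not real sensor data).
# GENUINE: repeated scans of the enrolled finger, which never match exactly.
# IMPOSTOR: scans of other fingers compared against the enrolled template.
GENUINE = [0.91, 0.84, 0.78, 0.88, 0.69, 0.95, 0.73, 0.81, 0.62, 0.87]
IMPOSTOR = [0.12, 0.35, 0.41, 0.28, 0.55, 0.19, 0.66, 0.47, 0.31, 0.71]


def rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (false_reject_rate, false_accept_rate).

    A scan is accepted when its score is >= threshold, so a false reject is
    a genuine scan below the threshold and a false accept is an impostor
    scan at or above it.
    """
    frr = sum(s < threshold for s in genuine) / len(genuine)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far


def sweep(thresholds):
    """Return [(threshold, frr, far), ...] for each candidate threshold."""
    return [(t, *rates(t)) for t in thresholds]


def equal_error_threshold(thresholds):
    """Return the threshold where FRR and FAR are closest to each other."""
    return min(thresholds, key=lambda t: abs(rates(t)[0] - rates(t)[1]))


if __name__ == "__main__":
    candidates = [0.9, 0.8, 0.7, 0.6, 0.5]
    print("threshold  false-reject  false-accept")
    for t, frr, far in sweep(candidates):
        print(f"{t:9.1f}  {frr:12.0%}  {far:12.0%}")
    print("closest to equal error:", equal_error_threshold(candidates))
```

Loosening the threshold from 0.9 to 0.6 removes every false reject in this sample while the false-accept rate climbs from 0% to 20%.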
The problem with uncrackable security systems is that they tend to be inherently inconvenient. If a system is inconvenient it will, eventually, be turned off by a significant number of users and thus strong but inconvenient systems actually degrade security in the real world.
Think about it like this. There are two lines on a graph. One line goes up as the inherent security of a security mechanism on your phone increases. The higher the graph the higher the security. The other line starts from the other side and as it increases the inconvenience of the security system increases, the higher the line the more tedious and time consuming operating the security mechanism becomes.
If the inherent security line is very high, near the top of the graph, and the device is virtually uncrackable, the other line, the one showing the inconvenience is also very high. The art of designing an optimal security system is to get the security line as high as you can whilst not dragging the inconvenience line up too much. You need to design a system that falls right in the sweet spot where the lines cross. That’s what Apple’s Touch ID tries to do. I think it succeeds.
Of course sometimes people have such sensitive data that they want some sort of super strong security even if it’s super inconvenient. But most people, the vast majority, don’t fall into that camp. For most people, pretty much everyone, a system like Touch ID is good enough, the balance is just right, and as a consequence it is actually used a lot and increases security in the real world.
Tony Swash,
I’m glad you agree. Nobody would deny that it’s better than having no security at all. As indicated before, it’s good for casual security, but there are some times when a little bit of inconvenience is worth the extra security. For example, using only fingerprints for payment should be a concern. Once there is a major breach, many will be forced to contend with the fact that their fingerprints can’t be reissued.
Instead of ‘casual’ user I would prefer the word ‘mainstream’. There is nothing casual about the intensity with which most people interact with their devices.
I am at a loss to understand how a ‘major breach’ of the fingerprint recognition aspect of Apple Pay could occur in the real world. As I understand it the fingerprint scans are stored in the secured enclave on the chip on the device and are not held on Apple servers so a hack of Apple systems would not yield anything.
Short of stealing and replicating the fingerprints of individuals en masse, something I cannot imagine to be practical in the real world, only limited one off individual breaches would seem possible. And even then each breach starts with actually stealing someone’s phone, getting hold of a good copy of their relevant individual fingerprints, going through the cumbersome replication system and then breaking into their phone, and then doing something bad – and doing all that before the victim has a chance of blocking the device. It’s technically doable but it’s not going to happen very often – which is why such breaches are vanishingly rare in the real world.
Agreed. I suspect the OP was talking about this technology in a general sense, i.e. let’s say that a fingerprint was the sole means of gaining access to pay with an account at a store terminal. Some people seem to want this type of biometric-only security. I don’t think Apple Pay is any less secure than the card/PIN system we have now. It still relies on two factors of authentication: what you have (the phone) and what you are (the fingerprint). In fact, compared to the pinless signature crap we have here in the states at most retailers, I’d say Apple Pay is quite a bit more secure… or it would be, if anyone actually had it. So far, I’ve yet to find any place I frequent that supports it yet so, despite having an iPhone 6S Plus, I’ve yet to even try Apple Pay at a physical location.
Edited 2016-04-19 15:25 UTC
darknexus,
Yea, the fact that something uses two factor authentication clearly helps to mitigate the damage when only one factor gets compromised, exactly as designed. At least in this case users should be able to switch back to password authentication assuming they actually realize the importance of two factor authentication and also realize that their fingerprint has been compromised.
I suspect there’s a very high likelihood that all of my fingerprints are on the outside of my car doors and trunk.
Tony Swash,
A major breach of any fingerprinting system anywhere could be potentially disastrous for all of them.
Those hacks seem to assume that you use the same finger for your id and for every other operation on the home button.
Edited 2016-04-19 09:21 UTC
Thank you for posting this. I didn’t know about the specific hack to the iPhone but fingerprint scanners have been notoriously hackable in the past. I don’t know why people think it is real security. Your fingerprints are all over the phone! Sure the fingerprint scanner will stop your significant other from getting in but it isn’t real security. I’m amazed that people can get so bent out of shape about Apple having to potentially help the FBI with unlocking a phone meanwhile they basically already gave the key away with the fingerprint sensor.
“Apple shared a great statistic: their average user unlocks their phone 80 times a day.”
Would prefer the ‘thing’ placed under my arm skin.
Anybody unlocking their phone 80x/day has some very serious productivity issues.
I check my phone once a day.
“Anybody unlocking their phone 80x/day has some very serious productivity issues.”
Hardly. I use a SIP-based softphone to hook into my work’s iCore network so I can take support calls wherever I may be. Answering these calls requires that I unlock my phone. You’d call that a productivity problem would you, taking work calls?
Good for you. Try getting away with that as a consultant with phone calls and emails coming in all day. Smart phones with email are essential to a lot of professionals that are on the road.
No need to exchange ID anymore.
besides implementing monetization schemes?
Anybody unlocking their phone 80x/day has some very serious productivity issues.
I check my phone once a day.
Windows Phone does that to you.
I checked my rotary dial phone more than once a day, man.
You mean checking the dial tone to see if the phone was still working? You either picked up the handset when it was ringing or waited for the person to call again.
would be – where does Apple get that data? Are the phones actually counting unlocks on a daily basis? If so, what else?
I wondered the same. They could be aggregating the data based on iCloud usage and the like. I hope that’s all it is. The alternative would pretty much undermine their security talk.
Was also wondering the same.
Remember that Windows 10 telemetry is “creepy”, and that Google is looking into your email.
They went out and bought a company that had the best fingerprint reader. Which is why all the Moto phones have a dimple: they were going to use the same one right there but couldn’t after the purchase.
So basically Apple bought a good company with smart people with a finished product. Not exactly the same as developing the first iPod or iPhone.
No large company in the world develops every piece of technology that it deploys. Someone out there will develop something better and in ways that you will not have thought of. And even if you could have thought of it, it is probably patented by then and you might as well buy the company out, or license their tech.
What companies like Apple, Microsoft, Google etc. do is to buy companies that produce the tech they need to deliver their vision.
And Apple improved upon what they bought anyway. There is a lot of tech related to the use of Touch ID that was developed by Apple.
No, my point was, that Apple has done crazy good pioneering R & D. Fingerprint readers are not in that category. They bought that development. It’s important as it pertains to risk. The great companies, IMHO are those that make long term bets on R & D, not those that simply sit back and try to buy those that do.
I.e., I want to see more Xerox PARC or Bell Labs or Microsoft Research or Google/Alphabet’s X projects.