After about a month of speculation, Phil Schiller, Apple's VP of marketing, announced Tuesday that the iPhone 5S would come equipped with a fingerprint sensor. Officially called Touch ID, the sensor and its software will let users access their iPhone and iTunes account via thumbprint. But will Touch ID actually make iPhones more secure?
"So much of our personal lives are on these devices. ... We have to protect them," said Schiller. The fingerprint sensor was a security measure that Apple installed, possibly in reaction to the fact that over half of iPhone users don't use a passcode. "Some people find [passcodes] too cumbersome," Schiller added.
Fingerprint readers themselves aren't a new invention, but they never quite made it into the mainstream. Anil Jain, a University Distinguished Professor of Computer Science at Michigan State University, said several other companies have tried to take advantage of the fingerprint as an unlocking device. "There have been laptops, USB sticks, car doors, hotel locks, and even Disney World tickets that have used fingerprints," he told ABC News. "But nothing's really taken off."
Perhaps one of the reasons why fingerprint scanners haven't found their footing in the marketplace is because they can be finicky. "You can't place your finger in any direction and then expect the fingerprint matching algorithm to accept it," said Jain. The state of your finger also matters, he added, noting that a dry finger may scan differently than a wet one or a lotioned one.
A fingerprint reader that doesn't work reliably can add to a user's frustration. It could be just as off-putting as mistyping a password. We didn't find that sort of fustration in our short time testing out the iPhone 5S' sensor. After registering a print it logged us in almost instantly and when another tried to unlock it with their thumb an error message read "try again."
But other security experts worry that a misread fingerprint might be the least of theworries, especially in regards to a device as ubiquitous as an iPhone.
"One security measure does not mean that the device is secure or that the applications on the device are secure," said Scott Matsumoto, principal consultant for the software security firm Cigital. "There's no one thing you can do that says, '*POOF*, you're secure!' Security is built up from a lot of small things."
Apple keeps its record of the fingerprint confined to the iPhone and not on an external server. However, Matsumoto said that users should be careful because the iPhone is both storing and validating a user's fingerprint in the same place. "The way that it's stored is very insecure," he said. "How do you change a fingerprint if it gets compromised? It's the last thing that I want to happen."
|"There's no one thing you can do that says, '*POOF*, you're secure!'"|