The era of one-tap authentication is about to begin. Apple's announcement today of a fingerprint scanner in the iPhone 5s brings biometrics into the mainstream, enabling fast and secure access to your smartphone while also enabling one-tap purchases through iTunes. Touch ID has already raised hopes that it can replace, or at least complement, the humble password — while also leading to fears that tying smartphone activity to your fingerprint could lead to Orwellian surveillance from the government.
In its announcement, Apple played up the feature's speed, security, and purchasing power. "It's a convenient and highly secure way to access your phone," the company says. "Your fingerprint can also approve purchases from iTunes Store, the App Store, and the iBooks Store, so you don't have to enter your password." And where other manufacturers have released balky, unreliable scanners, Apple says Touch ID can read prints from any angle — a key consideration for making logins fast and accurate.
Your new Apple ID is at your fingertips
At the same time, in an age when half of iPhone users don’t bother setting up a passcode, a fingerprint scanner seems unlikely to prove a major selling point for phone buyers. So why would Apple invest so much time and money building a feature that could be greeted with a shrug? The answer, biometric security experts say, lies in the fingerprint’s ability to serve as the catalyst for a much broader range of services.
By tying the phone’s owner to a physical identity, Apple opens up a world of possibilities around payments and authentication into third-party applications. Today, there is no way for other applications to access the sensor. But over time, the scanner could become the centerpiece for login, authentication and password management across the company’s range of devices and services.
Put another way: your new Apple ID is at your fingertips.
Fingerprint scanners come in several varieties. All of them operate on the same basic principle: capturing an image of your unique print, and matching that image to the reference print you provided when you set up your device. Apple is using a capacitive sensor from AuthenTec, which it acquired last year for $356 million. The company's sensors were known in the industry as being among the best. "Authentec is one of the most popular scanners when it comes to being integrated on devices like laptops," said Danny Thakkar, co-founder of security firm Bayometric. "Their swipe scanners are very small in size and capture excellent fingerprints."
But while electronic scanners have been in use for decades, and have increasingly found their way onto PC laptops, they have yet to feature prominently in mobile devices. Motorola's Atrix 4G, released in 2011, included a fingerprint scanner — but the device suffered disappointing sales, and the scanner was eliminated from the lineup. More recently, a Toshiba smartphone integrated an AuthenTec sensor into a smartphone in Japan, but the move stirred little interest in the United States.
Bringing biometrics to the mainstream
Analysts are betting that Apple’s push into fingerprints will put biometric security squarely in the mainstream of consumer electronics, driving demand for fingerprint scanners just as the company’s adoption of touch screens sent stocks of those companies soaring. The stocks of European biometrics manufacturers doubled in the wake of Apple’s Authentec purchase, as investors bet that rivals like Samsung, Google, and Microsoft would soon look to acquire fingerprint scanning technology of their own.
To the average iPhone owner, the question is how deeply Apple will integrate the new sensor into the rest of iOS. Apple is starting with purchases of apps and media content, but it has the potential to go much further. One idea popular with Apple watchers: use it to beef up security and authentication inside Passbook. Since the app was announced last year, observers speculated that it represented a first step toward building a full-fledged digital wallet to compete with those offered by Google, the carrier consortium Isis, PayPal, and others.
Passbook launched as a place to store tickets, passes, and coupons in a single app, using location data from the phone to surface them at the right time. With more than 575 million active credit cards on file through its iTunes Store, it’s easy to imagine Apple letting consumers store payment cards inside Passbook as well. Fingerprint authentication could give users a stronger sense of security, helping to spur the platform’s adoption.
Apple could also let users log in to other apps and services using fingerprints, providing secure authentication into apps and websites with a couple of taps. If biometric solutions become widely adopted, the tech industry could begin to phase out — or at least augment — the flawed, familiar password.
BUT IS IT SECURE?
For fingerprint logins to replace passcodes, the process has to be simple, fast — and secure. No one argues that fingerprint scanners are foolproof; in past years, they have been fooled by photocopies, Play-Doh, and even gummy bears.
"There is never going to be a foolproof security mechanism."
But generally fingerprint logins are more secure than a simple four-digit passcode, said Anil Jain, a professor of computer science at Michigan State University who focuses on biometric research. "Every security mechanism can be circumvented or bypassed," Jain said. "A lock on a house can be broken. But it is more difficult to hack than a PIN number or a password or an ID card." Jain added that fingerprint sensors have improved over time, and have an easier time distinguishing between a real finger and a photocopy. Still, he said, "there is never going to be a foolproof security mechanism."
Fingerprint scanners have also had issues with durability; sensors degrade over time, and some manufacturers have struggled with creating products built to last. Jain said the current generation of sensors should be able to withstand the two to three years of touches they can expect to get over the average life of a smartphone.
There's also the question of how consumers will respond to fingerprint scanners in an era where revelations about the National Security Agency's data-collection practices have come under increasing scrutiny. Apple says your fingerprint will be stored on the device and never uploaded to its servers, but privacy advocates will likely have additional questions for the company as biometric authentication comes into the mainstream.
But make no mistake: biometrics are likely to become increasingly prominent in the post-PC world. Millions of iPhone users are about to try the sensors out for the first time. And if they work as well as they do in the promotional videos, today could be a turning point for biometrics.