
Summary:

The iPhone 5s is the first prominent phone with a fingerprint sensor, and is expected to change the way security is managed on mobile devices. Since passwords are a pain without keyboards, what’s best for a mobile world?


Update: An earlier version of this story said the iPhone 5s was the first phone with a fingerprint sensor. This was an error introduced by the editing process, not the original author.

On the surface, Apple’s recent iPhone 5S announcement seemed just that: all surface, no substance. But as many reviewers have pointed out, the true star of the new model may not be its shimmering gold sheen, but instead the fingerprint sensor built into its home button.

Using a fingerprint to prove you are who you claim to be is not new. But building it into a phone is. And as your mobile phone becomes your carrier of content (such as photos), currency (think of it as a digital wallet) and identity (like Apple’s Keychain software) as well as your route to all manner of digital services, proving who you are will become essential for mobile everything.

Before mobile, Web security rooted itself in the username/password paradigm. Your username and password defined the identity you used to authenticate yourself to PayPal, Amazon, Google, Facebook and everything in between. There are stronger ways to secure access to Web sites, but written passwords predominate because they are personal and easy to type on a PC – where all Web pursuits took place – until the arrival of the smartphone.

The smartphone and its similarly keyboard-deprived cousin, the tablet, increasingly represent the jumping off point for the Internet today. Sometimes, it may start with a browser. Many times it begins with an app. In either case, passwords are no fun when you move to a mobile device. They are cumbersome to type and annoying when you have to type them repeatedly across multiple sites, services and apps. So anything that diminishes the burden of typing passwords on a mobile device is a good thing.

Apple is not alone in identifying that end users want ways to eliminate passwords on mobile devices. Single Sign-On (SSO) technologies – when applied to mobile – can significantly reduce the burden of recalling multiple passwords across different sites, apps and services. But what Apple has achieved is significant because it substitutes a highly-personalized biometric for a password. This has the power to streamline mobile commerce, mobile payments and every other kind of mobile-centered interaction or transaction.

Many commentators have rightfully pointed out that biometrics do not offer a panacea. If your fingerprint gets hacked, for instance, it’s hacked permanently. But there are easy ways of augmenting biometrics to make them stronger. Biometrics can be combined with over-the-air tokens like one-time passwords or supplemented with context-aware server-side challenges that increase their requirements based on risk. But it’s what they achieve when compared with the alternative that makes fingerprint readers so powerful.

The iPhone 5S simplifies authentication for the average user, which encourages security use and acceptance. It also eliminates bad mobile habits like using short, easily memorable, easy-to-type passwords that scream insecurity. Apple is not the first vendor to realize consumers don’t like passwords on mobile devices. But by bringing an alternative to the mass market, it is helping to draw attention to the need and the opportunity: killing the password may open mobile to a whole host of novel security-dependent internet services.

By Dimitri Sirota, SVP Business Unit Strategy, Security of CA Technologies and co-founder of Layer 7.

  1. “The iPhone 5s is the first phone with a fingerprint sensor”

    When the first sentence is as wrong as this, I don’t think that the rest of the article can be better

    1. Thank you. I lose faith in a journalist when the first statement is incorrect.

      1. That was an error introduced by the editor, not the author. We have updated the story.

        1. Conan had a great joke that would fit in well here. I’ll just change “blogger” to “editor.” It went something like this:

          A tech editor has discovered he could use his genitals to unlock the new iPhone. That’s incredible! A tech editor found a purpose for their genitals.

  2. The Motorola Atrix was the first smartphone with a fingerprint scanner (which used finger swipe and not mere touch). It beat Apple’s iPhone by about two years. It just didn’t get nearly as much recognition as the iPhone is getting. It didn’t work all that well, either. One of those Motorola products that are easily forgotten.

      1. Probably the same company that made them for the iPhone…Authentec

    1. Alexandr Shevtsov Sunday, September 29, 2013

      Pantech GI100 was in 2004.)

  3. Christopher Sullivan Saturday, September 28, 2013

    Considering people already figured out a way to hack the sensor? No. Thus far, Android has better security options with MS being a close second.

    1. There are plenty of ways to hack your Android passcode.

  4. Others might be having better luck with the fingerprint scanner than I am, but I find it extremely inconsistent. It will work beautifully some times of day and then later on it won’t work at all. Later, it will work again. Not sure what could cause the inconsistencies, but it is really frustrating and not ready for prime time.

    1. Had the phone for over a week now. Not one problem with the fingerprint scanner. Scanned my wife’s finger as well and we can both unlock the phone without problems.

  5. If you rely on your fingerprint to protect your data then you are an idiot. I can take your fingerprint by force or other methods. I prefer something you know and something you have…

    1. For $5 I can break your android password….

      http://xkcd.com/538/

  6. Isn’t Gigaom supposed to be a specialist blogging site?

    When I read an article like this, I feel like I’m reading teenage bloggers that are discovering new ropes.

    Get your facts first, and maybe also get your info from a specialist. Is Kevin Tofel still around? You could ask him one or two things about this kind of technology on mobile devices…

  7. Let me get this straight… You think that locking your phone, with something you leave all over your phone, equals security?

    Did Apple kill the password? IDK, did the Fujitsu F-10D kill it last year? What about the Atrix the year before that? No? Then probably not.

    Frankly, fingerprints are horrible for authentication. Besides the fact that you leave them on everything you touch, they never change. Once someone has a copy, they’re good for life.

    And I’m certain the NSA or some other three letter agency will force Apple to install fingerprint collection software. If they haven’t already. I wouldn’t touch the home button without gloves. If I was foolish enough to want one of these devices, I’d put black electrical tape over the button and the sensor ring for my own safety.

    In fact, given the number of electrocutions caused by iPhones lately, I’d probably wrap the whole thing in electric tape, just to be sure. :)

  8. A senior of a security company (a) should have a better overview of technologies and then he would know that in Japan the technology has been used for years and (b) should understand the difference between identification and authentication and so would not make claims that a means of identification would “kill” a means of authentication.
    http://holyhash.com/2012/07/20/biometrics-any-good/

  9. The Motorola Atrix had fingerprint unlock 3 years back. I don’t understand how Apple killed the password. Are these reviews biased toward Apple, or might they be ignorant?

  10. I think the premise is wrong. You don’t want to use a fingerprint to have access to everything on your smartphone. More sensitive/important data/access should require something more once you are past your smartphone’s initial security screen.

    For example, to access your bank account, you should still have to use a more secure password, regardless of whether you access your smartphone with a pattern lock, pin, facial recognition or a fingerprint.

    And yes, it is rather shocking that an article written more than four hours after Apple’s announcement could wrongly claim the iPhone was first.

