Apple’s recent announcement of 2 new iPhones talks of a particular new feature, Touch ID, which has been the center of many discussions this week. What is it and what’s with all the fuss?
What is Touch ID?
Touch ID is Apple’s new biometric fingerprint sensor that has been added under the home button of the new iPhone 5s.
Note: Touch ID will not be on the iPhone 5c.
What is biometrics?
Biometrics or biometric verification is the evaluation of unique biological traits like fingerprints (Touch ID), DNA, retina patterns, etc., to verify an identity.
How does biometric verification (specifically fingerprint scanning) work?
Biometric fingerprint sensors take high resolution images of your fingerprint that is used to identify unique ridges and valleys in your fingerprint that make up your unique fingerprint pattern. This pattern is then converted into an encrypted biometric key or mathematical representation (binary code) and stored. In the case of Touch ID, this information is stored locally on the new A7 processor chip. Now, when you use the sensor to verify your identity, the software reads the newly scanned fingerprint pattern to see if it matches the originally stored pattern.
What is Touch ID used for?
From the information released (so far) we know Touch ID is mainly used for 2 functions: to replace the 4-digit passcode for phone unlocking and to replace login information used to authorize iTunes store purchases.
Note: It has been reported that Touch ID will not be available to developers for third-party app integration - at least not as of the initial release. Read more here.
Is Touch ID secure?
It’s hard to say. There are many components to consider when evaluating its level of secureness and considering the phone hasn’t been released to the general public yet (more specifically security professionals and hackers) no one knows for sure how everything will pan out.
Our thoughts
While biometric fingerprint verification isn’t anything new, even in the world of mobile phones (see: Motorola Atrix). Apple’s Touch ID does have potential - especially in bringing the notions of biometrics into the limelight, considering iPhones have a larger demographic than other phones with biometric sensors (i.e. Motorola Atrix).
While we don’t know all the bells and whistles of Touch ID yet, one thing to consider is the possibility of Touch ID and other biometric sensors to be integrated into authentication procedures for websites, mobile applications, and more. This type of integration is in line with a strong trend in the internet security community to move away from authentication systems that rely solely on passwords as a “secure” means of verifying one’s identity.
Many companies including Google and Facebook have already implemented multi-factor authentication to help confirm user identities. Multi-factor authentication uses two or more categories of information (something you know, something you have, something you are, etc) in order to better confirm your identity. Most current implementations of multi-factor authentication focus on a username/password combination (something you know) plus a mobile phone via SMS messaging (something you have). Adding biometrics (something you are) to that equation could dramatically increase the inherent security of login procedures - which has huge implications for security and user-friendliness of login procedures across the internet.
For Further Reading:
Biometrics for Identification and Authentication:
http://www.cesg.gov.uk/publications/Documents/biometricsadvice.pdf
Touch ID security:
http://blogs.wsj.com/digits/2013/09/11/apple-new-iphone-not-storing-fingerprints-doesnt-like-sweat/
http://arstechnica.com/security/2013/09/fingerprints-as-passwords-new-iphone-touch-id-gets-mixed-security-verdict/