Stealing someone’s print is easier than you might think:
A reader writes:
The people who are arguing against fingerprint (or other biometric) authentication are forgetting that all the ways of defeating this scheme require physical access to the phone. And Apple’s Phil Schiller has pointed out that more than 50% of iPhone owners did not use the passcode feature. The appropriate comparison here is not an ideal security scheme to this new fingerprint scanner, but to no security at all.
With regard to “The Fifth Amendment Doesn’t Cover Your Fingertips” post, Marcia Hoffman’s worries seem baseless, as least as relates to Apple’s current implementation of the iPhone. She is concerned about a system that would allow a fingerprint alone to unlock a phone. Apple requires not only a fingerprint, but a backup numeric passcode, to unlock the phone. The numeric code is required any time the phone has been rebooted or hasn’t been unlocked for two days. By the time a court would be able to order you to provide your fingerprint, two days would certainly have elapsed, and the fingerprint alone wouldn’t work without the passcode, which is protected by the Fifth Amendment.
OK, I can’t just stay silent on this: ”Passwords provide the strongest possible security guarantee.” No, they don’t. These days, a password you can remember equates to a password that can be cracked.
There are advanced methods that cut down the amount of processing time needed by pulling in vast databases of common patterns (known as rainbow tables), but even without that, your random 16-character password that is impossible to remember, by itself, still isn’t safe.
And that is where this new technology comes in. For today, right this minute, you should already be using two-factor authentication at minimum for all your email and bank accounts (go do it this instant, then come back and finish reading). Two-factor authentication, in short, combines something you know (password) with something you have (iPhone app, security token) so that a remote person has a much harder time getting into the account.
So with this new technology, once Apple opens up the API, your phone can become a more secure version of the security token. Right now if someone steals your token, they can easily get at the random number it generates. (Since they expire every 30 seconds or so, these apps themselves are not password protected, and the hardware tokens are accessed with a simple button press.) With this technology, someone would have to steal three things to access your accounts: something you know (password), something you have (phone) and something you ARE (fingerprint).
Can that be done? Sure. Will that level of protection be enough for the average person? Yes, at least unless/until someone finds out a way to install a virus on the phone remotely that can access the fingerprint validation (not necessarily the data) and your passwords. But once someone has that level of control of your device, they’ve got you dead to rights no matter the technology.
Another rare circumstance:
I would add one more problem to using fingerprints as a means of identification: not everyone has a fingerprint. A prime example of this is my tech-savvy 84-year-old grandmother, who has owned just about every Mac/Apple device since the mid ’90s, including an iPhone 5. She also hasn’t had fingerprints for at least the last five years. They have simply worn away over the years. I haven’t talked to her about it yet, but I can’t imagine she’s excited about using a fingerprint as a password.