Good bye passwords! Hello fingerprints! (or not)

With the iPhone 5S, Apple has introduced biometrics to the masses. Users can now unlock their phones using their fingerprint. While some see this as a good opportunity to get away from passwords, usually considered cumbersome, biometrics have obvious shortcomings.

It all boils down to the difference between identification and authentication: while a fingerprint is unique, it is hardly secret (it’s all over your smartphone!), can be duplicated without you noticing, and it’s really, really hard to change if compromised.

A group of German hackers already managed to crack the iPhone 5S biometric unlocking mechanism using a fake fingerprint, proving it is certainly not more secure than a simple password.

In fact, a fingerprint is more like a user name: it identifies you but is in no way sufficient to authenticate you. Passwords still are the recommended way to prevent anyone from accessing your private data.

The danger here is to blindly trust new technologies: they sound great and look like magic, thus people tend to embrace them without understanding the consequences first.

No technology, no matter how advanced or cool looking, can replace common sense.

References

http://blog.dustinkirkland.com/2013/10/fingerprints-are-user-names-not.html

Advertisements

5 thoughts on “Good bye passwords! Hello fingerprints! (or not)

  1. I find the concept of using fingerprints as a password cool and interesting. But as we discussed in class, cool and interesting does not mean better and the German hackers proved this. I believe that people rely more on technology to protect them now than ever before due to the great advancements we have made, but this causes them to be vulnerable; and hackers see this. I use a lock pattern on my phone and will continue to do so even if I upgrade to a fingerprint password supported phone in the future.

  2. Well, for me biometrics cannot, and absolutely must not, be used to verify an identity. For verification, you need a password or pass-phrase. Something that can be independently chosen, changed, and rotated. In my opinion it could be used to identify an username not a password.

  3. To be honest, I find it astonishing that the finger prints can be duplicated via a non-technical fashion. It makes me think how the biometric system works. Does it take a scan of a complete finger print, or does it take a scan of a part of your finger that is unique that anyone cant duplicate?

    Imagine pressing the menu button for the first time. It now has your finger print, and just that. Imagine pressing it multiple times… now your finger print is smudged allover the button! How can it still identify it is you, when your finger print is most likely illegible to the human eye? This I wonder.

  4. As flashy and modern as this fingerprint scanner appears to be, I believe that you definitely made a point by saying that people put too much trust in new technology. In many ways, I believe that this generalization can be applied to the rush to download Apple’s new IPhone platform, iOS7. While the promise of a new design layout and features attracted most IPhone users, there seemed to be several issues with the platform that many did not consider before clicking the download button as soon as the option was available. One such issue is that this new platform operates much slower on the older IPhone models, which displeased many and led to a high variation in reviews when it came to iOS7.

  5. I totally agree with the notion that we should not blindly trust technologies. Although it sounds like nothing can be more personal than your own fingerprint- think again. Just as demonstrated in this article, bio-metrics at first make it seem like something is more secure. However, one could be even more vulnerable, especially given the lengths hackers will go to hack into someones account, mobile device, and what have you.

Comments are closed.