Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The iPhone 5s fingerprint reader: what you need to know

Rich Mogull | Sept. 12, 2013
So Apple has announced that it's building a fingerprint reader into its new flagship smartphone, the iPhone 5s, calling that technology Touch ID. Here's what you need to know about it.

It also depends on how the fingerprint is stored. If the template is large (as in longer than any passcode you would ever care to remember), and properly hashed, salted, and stored, it is definitely more secure than a passcode (until a S.H.I.E.L.D. agent lifts it off your vodka martini glass at that casino in Morocco).

Finally, both passcodes and fingerprints are still forms of single-factor authentication. That means you only need one thing to break into the system. Really secure systems require multiple factors, such as a passcode and a fingerprint.

Does this mean I don't need iOS passcodes anymore?
No, passcodes are still here to stay. For one thing, you need a way back into your iPhone if you lose a finger (or cut it in the wrong spot) or break the sensor. But, effectively, you won't need to use your passcode day to day. We'll have to see how Apple handles alternate recovery options; I suspect you will still use a recovery passcode.

Corporate users may also still be required to use passcodes, and people who might be targets of fingerprint theft (remember, the Department of Defense uses iPhones now) probably don't want to rely only on passcodes.

What about my iCloud and iTunes Store passwords?
Because you access Apple's cloud services from multiple systems, not all of which have fingerprint sensors, you will still need passwords for them. However, based on what Apple has said and shown, you can use your fingerprint to authenticate purchases and actions from your iPhone 5s. Odds are that Apple will store your iCloud and iTunes Store passwords in your iPhone keychain, then use your fingerprint to authorize access to them. This is similar to how OS X and iOS have always handled stored passwords. It is also consistent with Apple's emphasis that your fingerprint never leaves your device, and isn't stored in the cloud.

Can other apps and services use my fingerprint?
Apple has stated that other apps will be able to use Touch ID, but also that said apps will never access your fingerprint. Again, I think these apps will probably use the iOS Keychain. Apple may also open up the API to allow apps to access the Touch ID sensor itself, or, more likely, to have iOS authenticate you and pass along the result. Finally, many apps and services, such as Twitter, use a standard called OAuth to allow access without exposing your username and passcode on the device. This won't change, but perhaps there will be a new API call so such apps can check to see if you unlocked the phone, and it wasn't merely laying around for someone to access.

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.