5 Top Security Questions about iPhone Biometric Authentication
Apple is acknowledging a common complaint from online and mobile banking: the need for stronger authentication.
By adding a fingerprint sensor to the iPhone 5S’s Home button, Apple is mitigating the risk of username and password hacking. Users register their print within the device, after which they can unlock the phone by placing a finger or thumb on the button.
But the approaching release of the new smartphone is not without doubts and questions, especially on the security side:
So how does the iPhone fingerprint technology work?
The new iPhone home button is a high-definition camera. When you register your fingerprint, the camera can take a 550-pixel-per-inch photograph of up to five of your fingers. The phone then encodes these photographs into digital representations, stores them in a separate partition of the phone and then uses them for comparison when you access your iPhone.
Why are fingerprint technology and other biometric-based security the next big things… and how can we make them even more secure?
Unfortunately, smartphone and tablet authentication has become a nuisance for most people today. In fact, more than 50 percent of all users do not implement passwords or PINs on their mobile devices, either due to the inconvenience or simply because they are not aware of the risks of unprotected devices. As a result, Apple and other mobile device manufacturers are being challenged to increase security and usability. Passwords are an annoyance for most. Unless you utilize complex password strategies (including alpha-numeric, upper and lower case and special characters), passwords may be easily cracked. As a result, biometric authentication methods such as fingerprints, retinal scans and facial recognition are simply more convenient for the user.
Biometric solutions combined with other measures can increase authentication security. Traditional authentication is performed with a single-factor process that employs user IDs and passwords. Multi-factor authentication strategies have been around for a while and must include at least two of the following items:
- Something you know – User ID / passwords
- Something you have – Smart card (your phone)
- Something you are – Biometric (your fingerprint, your retinal scan, your face, etc.)
The addition of other authentication requirements increases the overall security of the access controls. Because you must have your phone and your fingerprint, access is more secure. A thief may be able to steal your phone and hack your password, but he or she would not have access to your biometric. Nevertheless, requiring all three attributes (phone, biometric and PIN/password) would increase the security of the device even further.
What security risks should iPhone users look out for?
While Apple stated that the digital representation of the fingerprint could be encrypted and stored in a separate secure partition on the iPhone chip, it may still be possible (at some point) for hackers and virus developers to create a malicious application that could gain access and copy your fingerprint data. Obtaining this information could not only allow them to gain access to your phone, but could significantly increase their ability to steal your identity, allowing them to gain access to your personally identifiable information.
As always, users should follow safe computing practices.
1. Keep iOS and applications up-to-date. Patches and updates come out on applications when known bugs and vulnerabilities are found. Updating your system increases your device’s security.
2. Install anti-virus solutions if they are available. While most mobile devices still have few antivirus solutions available, they are becoming more prevalent. Find solutions from trusted software manufacturers, install them and keep them updated.
3. Do not browse unfamiliar websites, as they may contain socially unacceptable content. These sites are frequently filled with viruses, bots and other malicious applications.
4. Do not open attachments or web links sent to you in emails or texts, especially from unknown users. These attachments and links are often sent from users with infected devices or directly from malicious sites/users.
5. Do not use publicly accessible Wi-Fi networks where malicious users may easily gain access to your devices. Hackers sit in coffee shops and airports monitoring and “sniffing” wireless network traffic for your user IDs, passwords and other personally identifiable information.
6. Turn off external access to your devices. Viruses and malicious applications can be pushed to your devices via Wi-Fi, Bluetooth and NFC connections. If you are not using them, disable them.
What fingerprint apps are available for non-iPhone users?
Fingerprint devices for desktops, laptops and PDAs have been around for years. Devices can be attached via multiple connections including Bluetooth, USB and serial ports. Additionally, software-only solutions exist for devices as well, including fingerprint software for Android devices. Fingerprint solutions for mobile devices to date have been cumbersome and inaccurate, causing other manufacturers to eliminate or postpone their products. The implementation of the iPhone fingerprint reader will undoubtedly cause other manufacturers to rethink and redesign their solutions.
Where is the future of fingerprint scanning heading?
As previously mentioned, biometric solutions have been offered for quite some time. In fact, Microsoft’s workstation and Active Directory environments have the ability to fully integrate biometric and smart card authentication. However, the iPhone fingerprint solution is the largest consumer-based biometric offering to date and has brought fingerprint authentication out for public consumption. Additionally, by already integrating the fingerprint authentication with the Apple iTunes, App and iBook store purchases, Apple has paved the way for other biometric authentication processes across the web. While Apple is not currently allowing access to fingerprint authentication to other vendors or websites, it is not hard to believe it will happen very soon.