Essays on Technology and Culture

Biometrics Go Mainstream with Touch ID

The marquee feature of the new iPhone 5S is a fingerprint scanner that can not only be used to unlock the phone, but also make purchases from iTunes, the iBook Store, and App Store. While it’s not the first smartphone to include a fingerprint scanner, the Motorola Atrix 4G didn’t exactly set the world on fire. Elsewhere, the Moto X may have an always-on microphone to have the phone respond when you summon it, [1] but it’s not tuned specifically to your voice. The iPhone 5S is the first phone to make biometrics mainstream, and it has the potential to revolutionize security for the average user, in the mobile space and beyond.

The passcode on smartphones is an easy point of failure, and there have been plenty of alternate solutions. There’s the pattern-swipe lock screen that is the standard on Android phones, crackable by reading the smudges. Some phones use face detection to unlock, but those can be defeated simply by using a photograph. While thumbprint scanners can be exploited, it’s unlikely someone’s going to try making a gummy thumbprint just to get into a phone. Short of a crook cutting off your thumb, fingerprint identification is much more secure than any other form of smartphone security. That is, if it works right, and that’s yet to be seen. However, since Steve’s return to Apple, they’ve tended to not release features that are half-baked. Three-quarters baked, sure, but not half-baked.

Biometric technology hasn’t been huge in the consumer space. You can find it on some business laptops, but most of us are still tied to memorizing strings to log into our computers, if we even bother with that. [2] Fingerprint readers are known to be somewhat finicky, and cheaper readers that use less sophisticated scanning mechanisms and identification algorithms are either going to frustrate a user by not letting them in, or be laughably insecure. It looks from the Touch ID setup process that Apple’s trying to get as much info as possible about a fingerprint, which should reduce the chances of a legit user being denied access, and a non-legit user gaining access, but only Apple knows what the leeway the algorithm has.

If Touch ID in the iPhone 5S works well enough, it gives Apple a new way to tie a user to a device—and to their other devices. I don’t think it’s a leap to imagine an upcoming version of OS X (or, perhaps OS XI) that will allow you to use your iPhone’s fingerprint scanner to log into your Mac, perhaps over Bluetooth 4.0. Half of that setup is already used by two-factor authentication app Authy. It overcomes one of the inherent security issues with NFC-based payment methods like Google Wallet. Instead of a guessable PIN, someone could use the fingerprint scanner to authorize a transaction, possibly with Bluetooth 4.0, or iBeacon as the transmission mechanism instead of NFC, reducing the steps in the process. Touch ID based purchases from Apple could easily be a dry run for this.

The success of Touch ID all comes down to making it work well enough in these early days. If Apple’s support forums are flooded with users complaining that their iPhones won’t unlock no matter what way they put their thumb on the darn thing, Touch ID will not take off. I’ll give Apple the benefit of the doubt. I don’t think they’re desperate enough to release a product defining feature early enough that these problems wouldn’t have been caught in internal testing. Who knows how long Apple’s been working on making this work, after all? I’m also sure that Apple will be tweaking the algorithms that identify fingerprints once people are busily rubbing their thumbs against them. We’ll have to wait, first until the press embargo has been lifted and reviewers get to share their experiences, and then when the feedback comes in from ordinary users.

People who claim the iPhone 5S isn’t “revolutionary” enough aren’t thinking long term. Today it’s unlocking our phones with a thumbprint. We won’t be unlocking our entire lives with a thumbprint tomorrow, but in a few years, we may be looking back to the humble idea of a fingerprint scanner on the button of an iPhone as a sublimely brilliant idea that’s changed the face of security for the average user. Technological revolutions don’t happen in huge jumps, or creating “new product categories.” They come from the adjacent possible of using tools we’ve developed in new, and exciting ways, and that’s what Apple excels at. I just wish I didn’t have to wait two years to try it out myself.

  1. This is the sort of thing that should make people more paranoid than the idea of someone’s fingerprints being stored in a database, whether locally or networked.  ↩

  2. Apparently, the Windows implementation of fingerprint-based password verification is rather insecure too.  ↩