Apple's biometric identity crisis

By on

This article appeared in the August 2017 issue of CRN magazine.

Subscribe now

Apple's biometric identity crisis

COMMENT  There’s an odd sort of rumour going around the traps about the next revision of the iPhone, which for some reason is being referred to as the iPhone 8. (This makes little sense, since we had a new number last year so we’re up to an “s” release this year I would think. But hey, if you’re going to make up stuff for rumour sites, why not go for broke.)

Anyway, the rumoured new iPhone (which might also be called “iPhone X” because, hey why not) might lack the Touch ID fingerprint sensor that has been a feature of the last couple of models. This, I should mention, is a “hot” rumour and regarded as highly probable by people who spend their time mulling these things over.

Which, of course, means absolutely diddly squat.

Touch ID is a secure system. In the years since it was introduced, no-one has yet circumvented it maliciously (the YouTube videos that you can find of people “cracking” it always involve the willing participation of the owner of the phone, so they don’t count). What’s more, banks and other security-conscious organisations have incorporated it into their applications. Its reputation is pretty solid, and changing it out for some other system would be non-trivial.

The rumour is that it will be replaced with some sort of facial recognition system. Samsung, you may be aware, already tried that with its smartphones. That system can be fooled with a photograph of the phone’s owner.

That’s bad. I would say that it’s blown up in Samsung’s face, but that would be insensitive. One mustn’t mock.

Apple is rumoured to be working on 3D scanning for its facial-recognition technology. Some sort of infra-red thing, beamed out from the front of your phone to scan your head and verify your identity.

All sounds a little sci-fi, but we’re talking about a pocket-sized device that can retrieve the sum total of human knowledge in seconds — and also cat gifs and porn — so anything’s possible, right?

Just make sure you don’t change your hair, grow or shave a beard, or buy new glasses, I guess.

The thing that gets me, though, is why is any of this supposed to be better than a password?

Try this: think of three monosyllabic words. Now string them together into one word, with the start of each word capitalised. Now swap the vowels — AEIOU — for numbers — 43109. Got that? What you’ve got there is a password that meets the criteria for the most secure systems. No-one can crack it, and you’ll have no trouble remembering it. Perfect security.

Now, you may say that biometrics is an additional security factor tied indelibly to you. That’s only valid if the biometric security is in addition to the password — which it isn’t. It’s instead of. So far Touch ID is as good as we’ve got and hasn’t been beaten. 

I’m particularly impressed with it because — thanks to a chronic skin condition — I almost completely lack fingerprints. Most fingerprinting systems fail on me, but Touch ID doesn’t. There’s enough of a print on my left thumb for it to work with. Kudos where it’s due.

Apple’s been toying with biometrics since the 1990s and MacOS 9, which allowed you to use a voice-print as a password. It was awfully good fun. Completely useless in an office, of course — partly because the background noise reduced reliability and partly because everyone could hear your password. Obviously.

The limitations of voice-prints in offices are multiplied a thousand-fold on public transport, so don’t expect to see (or hear) them used for phones any time soon. Simple facial recognition is already busted (thanks Samsung), so expect that to disappear.

Perhaps I lack the imagination to see people 3D-scanning their heads with their phones as anything but ridiculous. I certainly don’t think you could do it surreptitiously in a meeting or a cinema (phone on silent of course) to check messages.

Maybe Apple knows something about a limitation or weakness to Touch ID that it’s not telling us — or the various banks and so forth that have come to trust it. That’s the only good reason I can see to replace it. If it drops Touch ID in favour of something else just to be cool, that would get an (unnaturally smooth) thumbs-down from me.  

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © CRN Australia. All rights reserved.
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

Vendor certifications are...
Essential to differentiate channel partners
Important but hard for partners to justify the investment
Too onerous, expensive, don't drive enough business
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?