"Unless every website, every program, every piece of hardware that you use integrates this technology, it's not going to work. For this to completely replace usernames and passwords, there will have to be a lot of up-front work on the user's part and the developer's as well. You're still going to need back-up passwords and usernames for cases where you don't have your phone (like on a PC/Mac) or internet cafe. It's just too complex of a situation."
You are completely missing the point. It is NOT replacing a username/password (or passcode in the case of the phone lock) as an authentication mechanism. It likely would just automatically input the information, using your fingerprint to confirm your identity. Very similar to the auto-fill feature in modern browsers. It wouldn't require any special integration from websites or application developers.
1) Fingerprint sensor is cool. I don't see the concern of the first comment posted here.
2) It can be a local process of authentication on the device... Independent of remote sites.
3) Plus I feel it will be mainly for authentication of the phone user to get past lock screen... And apps on iPhone.
4) If it ever gets expanded to act as log in authentication for remote sites.. It will just be fantastic.
Numbered above to reply:
1) It may be cool tech, but scary/creepy.
I cannot believe there isn't one single response so far that even considers the fact that having your fingerprints in a mobile device is extremely creepy from a privacy standpoint. Fingerprints are used to track criminals, not "regular" folks, egads.
2) This is the only thing I've seen in all 61 posts so far that even hints at the biggest problem. For that, you get props.
Everyone, listen: you, as a user, have virtually zero control or even knowledge of what data goes out to application providers on your mobile device. With ANY app, period. Certain bits of data have some minor protections built into the OS, but in general, you should consider almost anything you put into your mobile device to be available to at the very least the authors of the app. Once your data has reached their servers, you might as well consider it public information. It may not happen this week or even this year, but data that sits on servers connected to the internet is almost always eventually either sold, misused or pilfered.
I do not want my fingerprints (or faceprint, for that matter) to be tracked and sold by ANYONE, and I can't understand why no one is paying attention to this.
3) This makes some sense. The problem is in keeping that data local to the device. I just don't know how it's possible to be assured of that over time.
4) I don't agree. It would then be a single point of failure for virtually anything and everything you do on your mobile device. Never a good idea from a security standpoint. But it seems these days people in their never ending quest to save 3 seconds, ignore security (and privacy) issues. Very sad.
I hope this isn't true. It would make far more sense to integrate it into the screen.
Especially since they just spent millions buying a company with world-leading technology that does exactly that.
Why not make the home button the same as the screen, much like the glass trackpad? Actually, if they made the home button as a mini trackpad, that would allow swipe gestures also.
Of course there's always the cut off your finger method as well.
People need to stop and think about this:
- when your password is compromised, you can make a new one in 5 minutes.
- what do you do when your fingerprint is compromised?
There's no alternative except returning to passwords, because you can't change your body. At that point you are back to using passwords AND your fingerprint has been compromised, so you are unequivocally worse off than before.
It doesn't surprise me that many people aren't thinking about this, it does surprise me that it seems almost no one is.
...could be difficult for competing Android and Windows Phone devices to copy...
This is a gratuitously insulting statement. Samsung is one of the most innovative companies on the planet, they have a tried and true strategy already in place. They simply copy it now and work out the detail later in the courtroom.
Of course there's always the cut off your finger method as well.
People need to stop and think about this:
- when your password is compromised, you can make a new one in 5 minutes.
- what do you do when your fingerprint is compromised?
There's no alternative except returning to passwords, because you can't change your body. At that point you are back to using passwords AND your fingerprint has been compromised, so you are unequivocally worse off than before.
It doesn't surprise me that many people aren't thinking about this, it does surprise me that it seems almost no one is.
Well that was not encouraging lol
I gather Apple could use this as a soft passcode approach, whereby a password would be required to access sensitive data on the phone or to unlock it. However, if the data is kept only on the phone, then the phone would have to be hacked to gain the biometric data, and having a hacked phone circumvents the need to gain the biometric data to hack the phone. Although if getting to your biometric data is the objective and the phone is easier to hack than a back, then that is a problem also.
I guess to be sure, we need finger, voice, retina, and a password. Or no phone at all :P
...could be difficult for competing Android and Windows Phone devices to copy...
This is a gratuitously insulting statement. Samsung is one of the most innovative companies on the planet, they have a tried and true strategy already in place. They simply copy it now and work out the detail later in the courtroom.
I agree. That has worked well thus far, why change it? :P
Oh, and much cheaper than all that pesky R&D stuff.
People need to stop and think about this:
- when your password is compromised, you can make a new one in 5 minutes.
- what do you do when your fingerprint is compromised?
The other thing to consider though is that people have to remember passwords and because of the rise in computing power, we need longer and longer ones:
"Using a brute force method, the cluster is capable of guessing every single eight-character password containing letters, numbers, and symbols in 5.5 hours. The cluster is running Virtual OpenCL, a platform that makes the GPUs believe they're all functioning together in a desktop computer"
And they wouldn't use brute force normally so you can bet even longer passwords are feasible these days.
I don't like usernames and passwords either and static data like biometrics is not enough. Biometrics would work if the scanner could test vital signs. In other words, you'd only pass a retinal scan if the scanner could verify that it was sampling an actual eye and not being tricked with just the data. But obviously computers can be tricked in many ways so that's a very difficult problem to overcome.
If we stick with passwords, we're going to need something a lot better than just remembering longer phrases. At the very least to save time typing it in.
One approach to get round the passwords might be the following:
- there could be a very large encryption key in a file on a smartphone or computer protected with a simple gesture or code
- there would be a similarly large key on the server
- when you go to authenticate something online, they'd send a random message to you that has been operated on using the server key
- you would then take that message, type in your simple passcode and allow your smartphone to operate on the message using your local key
- once the server gets the message back again, it can tell the local key and server key match
This is basically what can be used for SSH authentication:
but it protects your local keys behind a simple protection.
No server exploits are possible because a hacker would only get a single key. If someone steals your phone or computer, they'd have to guess the gesture or keycode to decrypt the larger key and still have to figure out what services the person used and possibly their username. By that time, the victim of the theft simply gets a new key issued without having to guess a new passcode or gesture. Multiple complex keys can be stored behind a basic local barrier and this barrier could even be a biometric one. This biometric data would never be sent to a server. Biometrics plus a simple pass key or gesture would be even stronger.
I personally get tired of using password schemes. I make up unique passwords for about 20 or so services and then write them in a local encrypted dmg with a strong code in case I forget but it's such a pain having to remember them all. The benefit to passwords and biometrics alone is that you always have them with you so you could log into a service from another computer but I think we're going to have to start using longer computer generated keys and they can be put on SD cards if needs be.
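An added example, not part of the original post or of any product discussed in the thread: the challenge-response flow listed in the post above, sketched in Python with only the standard library. It assumes a shared-secret (HMAC) variant in which the server and the device hold the same key; the SSH keys the post points to use a public/private pair instead, so the server holds only the public half. `Device`, `Server`, `run_scenario` and the sample passcode are hypothetical names and values.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32              # size of the large random key, in bytes
PBKDF2_ROUNDS = 100_000   # assumed work factor for stretching the short passcode


def _pad(passcode: str, salt: bytes) -> bytes:
    """Stretch the short passcode into KEY_LEN bytes used to wrap the key."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt,
                               PBKDF2_ROUNDS, dklen=KEY_LEN)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Device:
    """Phone or computer: stores the large key only in wrapped form."""

    def __init__(self, passcode: str, key: bytes):
        self.salt = secrets.token_bytes(16)
        # XOR with a passcode-derived pad is a stand-in for real key wrapping.
        # It carries no integrity check: a wrong passcode unwraps to a
        # different key, and the failure only shows up at the server.
        self.wrapped = _xor(key, _pad(passcode, self.salt))

    def respond(self, passcode: str, challenge: bytes) -> bytes:
        key = _xor(self.wrapped, _pad(passcode, self.salt))
        return hmac.new(key, challenge, hashlib.sha256).digest()


class Server:
    """Keeps one key per user and one outstanding challenge per user."""

    def __init__(self):
        self._keys = {}
        self._pending = {}

    def issue_key(self, user: str) -> bytes:
        """Enroll or re-enroll: a fresh key replaces (revokes) the old one."""
        key = secrets.token_bytes(KEY_LEN)
        self._keys[user] = key
        self._pending.pop(user, None)
        return key

    def new_challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(32)
        self._pending[user] = nonce
        return nonce

    def verify(self, user: str, response: bytes) -> bool:
        # A challenge is consumed by the first attempt, valid or not.
        nonce = self._pending.pop(user, None)
        key = self._keys.get(user)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def run_scenario() -> dict:
    """Walk through login, replay, wrong passcode, and key re-issue after theft."""
    server = Server()
    passcode = "2580"  # constructed sample passcode
    phone = Device(passcode, server.issue_key("alice"))
    results = {}

    answer = phone.respond(passcode, server.new_challenge("alice"))
    results["login"] = server.verify("alice", answer)

    # Replaying the old answer against a fresh challenge fails.
    server.new_challenge("alice")
    results["replay"] = server.verify("alice", answer)

    # A wrong passcode unwraps the wrong key.
    challenge = server.new_challenge("alice")
    results["wrong_passcode"] = server.verify("alice", phone.respond("0000", challenge))

    # Phone stolen: the server issues a new key, the owner keeps the passcode.
    new_phone = Device(passcode, server.issue_key("alice"))
    challenge = server.new_challenge("alice")
    results["stolen_phone"] = server.verify("alice", phone.respond(passcode, challenge))
    challenge = server.new_challenge("alice")
    results["new_phone"] = server.verify("alice", new_phone.respond(passcode, challenge))
    return results


if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The passcode never leaves the device in this sketch; only the random challenge and the HMAC response cross the network.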
Nowhere in the article does it say that usernames and passwords would be replaced globally across all apps in the phone. Nor does it state so. This could start by simply replacing a passcode to unlock your phone, which would be quite handy. Of course it would be nice to go password-less across the board. That is not mentioned or implied here.
Yes, in its simplest form, it would be an authentication process as soon as you tap the home button without requiring a passcode. The extension to simplifying online passwords is just a need that it might be able to help with in some way. Apple's advantage has always been doing the software and hardware together so there can be uses beyond the unlock. It can be used to authenticate App Store purchases or any number of things if it's done in the right way.
I cannot believe there isn't one single response so far that even considers the fact that having your fingerprints in a mobile device is extremely creepy from a privacy standpoint. Fingerprints are used to track criminals, not "regular" folks, egads.
2) This is the only thing I've seen in all 61 posts so far that even hints at the biggest problem. For that, you get props.
Everyone, listen: you, as a user, have virtually zero control or even knowledge of what data goes out to application providers on your mobile device. With ANY app, period. Certain bits of data have some minor protections built into the OS, but in general, you should consider almost anything you put into your mobile device to be available to at the very least the authors of the app. Once your data has reached their servers, you might as well consider it public information. It may not happen this week or even this year, but data that sits on servers connected to the internet is almost always eventually either sold, misused or pilfered.
I do not want my fingerprints (or faceprint, for that matter) to be tracked and sold by ANYONE, and I can't understand why no one is paying attention to this.
3) This makes some sense. The problem is in keeping that data local to the device. I just don't know how it's possible to be assured of that over time.
4) I don't agree. It would then be a single point of failure for virtually anything and everything you do on your mobile device. Never a good idea from a security standpoint. But it seems these days people in their never ending quest to save 3 seconds, ignore security (and privacy) issues. Very sad.
Fingerprint/Faceprint systems do not store images of your finger/face. They store a small set of "vectors" extracted from the image by the recognition algorithms, which are then encrypted. Even if you decrypted the vectors, you would not be able to recreate the original finger/face image. In addition, the "feature space" of a finger/faceprint is much larger than that of a typical password (which might be only six characters long, consisting of only letters and numbers for a "space" of 26 to the 6th power). These vectors are akin to the hashes that password-based systems store. Compromising such a system does not reveal passwords, just the hashes for them. If the hash key is large enough, it is computationally impractical to work out the original password, unless it's in any of the widely available online dictionaries. The vastly larger feature space of a set of finger/face vectors makes brute force decryption impractical. As your fingerprint vectors would never leave the phone, there would be no chance of building dictionaries of them on the web.
The benefit of Authentec's sensing technology is that it requires a physical finger. It is not an optical sensor, so a photograph of a fingertip cannot fool it.
When you present your finger/face to a recognition system, it extracts the vectors from the image it takes of your finger/face and computes a degree of fit with those vector sets it knows. If the system accepts a large number of authorized users (for example a building security system), it must find the best fit from amongst a large collection of vector sets, which often produces recognition errors. If the system is simply checking for the presence of one or two owners, recognition accuracy can be quite high.
To use a fingerprint sensor as the key to opening a Keychain like password system makes sense to me. The vagaries of various website and app password systems can be handled by the internal plumbing of Keychain. Rather than annoying me with constant prompts to enter my user/admin password, a quick press of the home button (or some region of the screen) seems both easier and less prone to hacking. You can't look over my shoulder to learn the physical characteristics of my fingertip. You can see what I type.
It seems to me that if true the fingerprint scan would only be used to unlock your iPhone - and perhaps leap into Siri. It doesn't make sense to me that you would be asked to press the home button when visiting a web page or within an app in lieu of entering a password, as pressing the home button returns you to the home screen and always has done. It seems like a good idea to me, especially since in order to access work email on my phone the company imposes a long Passcode lock policy. I'm also shocked at how many people I know who have no Passcode lock at all on their phone, despite the sheer amount of information stored on iPhones from email to banking etc.
Why not make the home button the same as the screen, much like the glass trackpad? Actually, if they made the home button as a mini trackpad, that would allow swipe gestures also.
Well it wouldn't be a button if it was part of the screen. One of its uses is that it allows blind people to use the phone. It has to be a physical button for that to work.
For reasons too many to mention that have been discussed over and over again ... the Home button is not going anywhere. It's a central part of the entire design, everyone likes it, and removing it would serve no purpose.
Also ... edge to edge screens? What have you been smoking?
The home button is an archaism. The era of edge-to-edge button-less design is coming and nothing can stop it.
I cannot believe there isn't one single response so far that even considers the fact that having your fingerprints in a mobile device is extremely creepy from a privacy standpoint. Fingerprints are used to track criminals, not "regular" folks, egads.
2) This is the only thing I've seen in all 61 posts so far that even hints at the biggest problem. For that, you get props.
Everyone, listen: you, as a user, have virtually zero control or even knowledge of what data goes out to application providers on your mobile device. With ANY app, period. Certain bits of data have some minor protections built into the OS, but in general, you should consider almost anything you put into your mobile device to be available to at the very least the authors of the app. Once your data has reached their servers, you might as well consider it public information. It may not happen this week or even this year, but data that sits on servers connected to the internet is almost always eventually either sold, misused or pilfered.
I do not want my fingerprints (or faceprint, for that matter) to be tracked and sold by ANYONE, and I can't understand why no one is paying attention to this.
3) This makes some sense. The problem is in keeping that data local to the device. I just don't know how it's possible to be assured of that over time.
4) I don't agree. It would then be a single point of failure for virtually anything and everything you do on your mobile device. Never a good idea from a security standpoint. But it seems these days people in their never ending quest to save 3 seconds, ignore security (and privacy) issues. Very sad.
No personal insult intended here but this is all paranoid nonsense IMO. Why exactly would this be "creepy"?
I remember this was a common point of view in the 1970's but I think we've kind of moved on from there. I also think your assessment of what information can be extracted from the phone by app developers to be over-the-top and likely based more on fear than facts.
My only concern with this tech is the fact that the ones I've tried always want you to use the fingerprint on your index finger, and I don't happen to have one. So that's always kind of frustrating. I trust Apple will give us the option of which finger to use however, as they usually think of things like that.
What if this isn't about security so much as recognizing when a finger is placed on a certain area. To create a 'virtual' home button rather than a physical one. They could move the hard reset to say pressing both volume buttons at the same time or some such. Or that could be taking a screen shot and do it with the sleep button for the reset.
... I'm also shocked at how many people I know who have no Passcode lock at all on their phone, despite the sheer amount of information stored on iPhones from email to banking etc.
Well, there is no way to store your passwords on the phone. Unless you are foolish enough to put them in a text file.
So it's not like possession of the phone equals possession of access to your bank.
I like your analysis of the home button as fingerprint scanner issue though. I think you are 100% correct on that.
This reminds me of the fingertip pattern unlocking that was popular on touch PDAs for a short while around the turn of the century.
A whole mini-industry and lots of scientific research sprang up over what patterns were most secure, etc.
Then, of course, people belatedly noticed that their fingers left a grease trail that showed what the unlock pattern was. D'oh!! Since a stylus was usually used for every other interaction, the unlock pattern was clear as a bell.
After that, pattern unlocking disappeared as a security option for a long time. Even Apple didn't use it for security, but instead just used it for simple unlock.
--
Re: fingerprints. Cheap visual sensors can be fooled. Better ones look for live person hints, like perhaps body heat. Some have very fine capacitive sensors that actually map out the live person's fingerprint ridges. In other words, a picture or even a cut-off finger won't work.
In any case, as others have pointed out, they shouldn't worry about a bio-metric theft or sales situation. This kind of info is usually kept only inside that particular device. If you use a different device, you'll need to enter your fingerprint again.
Comments
You are completely missing the point. It is NOT replacing a username/password (or passcode in the case of the phone lock) as an authentication mechanism. It likely would just automatically input the information, using your fingerprint to confirm your identity. Very similar to the auto-fill feature in modern browsers. It wouldn't require any special integration from websites or application developers.
Quote:
Originally Posted by Yojimbo007
1) Fingerprint sensor is cool. I don't see the concern of the first comment posted here.
2) It can be a local process of authentication on the device... Independent of remote sites.
3) Plus I feel it will be mainly for authentication of the phone user to get past lock screen... And apps on iPhone.
4) If it ever gets expanded to act as log in authentication for remote sites.. It will just be fantastic.
Numbered above to reply:
1) It may be cool tech, but scary/creepy.
I cannot believe there isn't one single response so far that even considers the fact that having your fingerprints in a mobile device is extremely creepy from a privacy standpoint. Fingerprints are used to track criminals, not "regular" folks, egads.
2) This is the only thing I've seen in all 61 posts so far that even hints at the biggest problem. For that, you get props.
Everyone, listen: you, as a user, have virtually zero control or even knowledge of what data goes out to application providers on your mobile device. With ANY app, period. Certain bits of data have some minor protections built into the OS, but in general, you should consider almost anything you put into your mobile device to be available to at the very least the authors of the app. Once your data has reached their servers, you might as well consider it public information. It may not happen this week or even this year, but data that sits on servers connected to the internet is almost always eventually either sold, misused or pilfered.
I do not want my fingerprints (or faceprint, for that matter) to be tracked and sold by ANYONE, and I can't understand why no one is paying attention to this.
3) This makes some sense. The problem is in keeping that data local to the device. I just don't know how it's possible to be assured of that over time.
4) I don't agree. It would then be a single point of failure for virtually anything and everything you do on your mobile device. Never a good idea from a security standpoint. But it seems these days people in their never ending quest to save 3 seconds, ignore security (and privacy) issues. Very sad.
Quote:
Originally Posted by Gazoobee
I hope this isn't true. It would make far more sense to integrate it into the screen.
Especially since they just spent millions buying a company with world-leading technology that does exactly that.
Why not make the home button the same as the screen, much like the glass trackpad? Actually, if they made the home button as a mini trackpad, that would allow swipe gestures also.
Lest anyone think biometrics are "safe". Read this article at news.com.au:
Theft of Fingerprints Easier than Cutting Off a Finger, Security Experts Warn
Of course there's always the cut off your finger method as well.
People need to stop and think about this:
- when your password is compromised, you can make a new one in 5 minutes.
- what do you do when your fingerprint is compromised?
There's no alternative except returning to passwords, because you can't change your body. At that point you are back to using passwords AND your fingerprint has been compromised, so you are unequivocally worse off than before.
It doesn't surprise me that many people aren't thinking about this, it does surprise me that it seems almost no one is.
This is a gratuitously insulting statement. Samsung is one of the most innovative companies on the planet, they have a tried and true strategy already in place. They simply copy it now and work out the detail later in the courtroom.
Quote:
Originally Posted by Blah64
Lest anyone think biometrics are "safe". Read this article at news.com.au:
Theft of Fingerprints Easier than Cutting Off a Finger, Security Experts Warn
Of course there's always the cut off your finger method as well.
People need to stop and think about this:
- when your password is compromised, you can make a new one in 5 minutes.
- what do you do when your fingerprint is compromised?
There's no alternative except returning to passwords, because you can't change your body. At that point you are back to using passwords AND your fingerprint has been compromised, so you are unequivocally worse off than before.
It doesn't surprise me that many people aren't thinking about this, it does surprise me that it seems almost no one is.
Well that was not encouraging lol
I gather Apple could use this as a soft passcode approach, whereby a password would be required to access sensitive data on the phone or to unlock it. However, if the data is kept only on the phone, then the phone would have to be hacked to gain the biometric data, and having a hacked phone circumvents the need to gain the biometric data to hack the phone. Although if getting to your biometric data is the objective and the phone is easier to hack than a back, then that is a problem also.
I guess to be sure, we need finger, voice, retina, and a password. Or no phone at all :P
Quote:
Originally Posted by AnalogJack
This is a gratuitously insulting statement. Samsung is one of the most innovative companies on the planet, they have a tried and true strategy already in place. They simply copy it now and work out the detail later in the courtroom.
I agree. That has worked well thus far, why change it? :P
Oh, and much cheaper than all that pesky R&D stuff.
The other thing to consider though is that people have to remember passwords and because of the rise in computing power, we need longer and longer ones:
http://news.cnet.com/8301-1009_3-57558223-83/no-password-is-safe-from-this-new-25-gpu-computer-cluster/
"Using a brute force method, the cluster is capable of guessing every single eight-character password containing letters, numbers, and symbols in 5.5 hours. The cluster is running Virtual OpenCL, a platform that makes the GPUs believe they're all functioning together in a desktop computer"
And they wouldn't use brute force normally so you can bet even longer passwords are feasible these days.
I don't like usernames and passwords either and static data like biometrics is not enough. Biometrics would work if the scanner could test vital signs. In other words, you'd only pass a retinal scan if the scanner could verify that it was sampling an actual eye and not being tricked with just the data. But obviously computers can be tricked in many ways so that's a very difficult problem to overcome.
If we stick with passwords, we're going to need something a lot better than just remembering longer phrases. At the very least to save time typing it in.
One approach to get round the passwords might be the following:
- there could be a very large encryption key in a file on a smartphone or computer protected with a simple gesture or code
- there would be a similarly large key on the server
- when you go to authenticate something online, they'd send a random message to you that has been operated on using the server key
- you would then take that message, type in your simple passcode and allow your smartphone to operate on the message using your local key
- once the server gets the message back again, it can tell the local key and server key match
This is basically what can be used for SSH authentication:
https://wiki.archlinux.org/index.php/SSH_Keys
but it protects your local keys behind a simple protection.
No server exploits are possible because a hacker would only get a single key. If someone steals your phone or computer, they'd have to guess the gesture or keycode to decrypt the larger key and still have to figure out what services the person used and possibly their username. By that time, the victim of the theft simply gets a new key issued without having to guess a new passcode or gesture. Multiple complex keys can be stored behind a basic local barrier and this barrier could even be a biometric one. This biometric data would never be sent to a server. Biometrics plus a simple pass key or gesture would be even stronger.
I personally get tired of using password schemes. I make up unique passwords for about 20 or so services and then write them in a local encrypted dmg with a strong code in case I forget but it's such a pain having to remember them all. The benefit to passwords and biometrics alone is that you always have them with you so you could log into a service from another computer but I think we're going to have to start using longer computer generated keys and they can be put on SD cards if needs be.
Yes, in its simplest form, it would be an authentication process as soon as you tap the home button without requiring a passcode. The extension to simplifying online passwords is just a need that it might be able to help with in some way. Apple's advantage has always been doing the software and hardware together so there can be uses beyond the unlock. It can be used to authenticate App Store purchases or any number of things if it's done in the right way.
Quote:
Originally Posted by Blah64
Numbered above to reply:
1) It may be cool tech, but scary/creepy.
I cannot believe there isn't one single response so far that even considers the fact that having your fingerprints in a mobile device is extremely creepy from a privacy standpoint. Fingerprints are used to track criminals, not "regular" folks, egads.
2) This is the only thing I've seen in all 61 posts so far that even hints at the biggest problem. For that, you get props.
Everyone, listen: you, as a user, have virtually zero control or even knowledge of what data goes out to application providers on your mobile device. With ANY app, period. Certain bits of data have some minor protections built into the OS, but in general, you should consider almost anything you put into your mobile device to be available to at the very least the authors of the app. Once your data has reached their servers, you might as well consider it public information. It may not happen this week or even this year, but data that sits on servers connected to the internet is almost always eventually either sold, misused or pilfered.
I do not want my fingerprints (or faceprint, for that matter) to be tracked and sold by ANYONE, and I can't understand why no one is paying attention to this.
3) This makes some sense. The problem is in keeping that data local to the device. I just don't know how it's possible to be assured of that over time.
4) I don't agree. It would then be a single point of failure for virtually anything and everything you do on your mobile device. Never a good idea from a security standpoint. But it seems these days people in their never ending quest to save 3 seconds, ignore security (and privacy) issues. Very sad.
Fingerprint/Faceprint systems do not store images of your finger/face. They store a small set of "vectors" extracted from the image by the recognition algorithms, which are then encrypted. Even if you decrypted the vectors, you would not be able to recreate the original finger/face image. In addition, the "feature space" of a finger/faceprint is much larger than that of a typical password (which might be only six characters long, consisting of only letters and numbers for a "space" of 26 to the 6th power). These vectors are akin to the hashes that password-based systems store. Compromising such a system does not reveal passwords, just the hashes for them. If the hash key is large enough, it is computationally impractical to work out the original password, unless it's in any of the widely available online dictionaries. The vastly larger feature space of a set of finger/face vectors makes brute force decryption impractical. As your fingerprint vectors would never leave the phone, there would be no chance of building dictionaries of them on the web.
The benefit of Authentec's sensing technology is that it requires a physical finger. It is not an optical sensor, so a photograph of a fingertip cannot fool it.
When you present your finger/face to a recognition system, it extracts the vectors from the image it takes of your finger/face and computes a degree of fit with those vector sets it knows. If the system accepts a large number of authorized users (for example a building security system), it must find the best fit from amongst a large collection of vector sets, which often produces recognition errors. If the system is simply checking for the presence of one or two owners, recognition accuracy can be quite high.
To use a fingerprint sensor as the key to opening a Keychain-like password system makes sense to me. The vagaries of various website and app password systems can be handled by the internal plumbing of Keychain. Rather than annoying me with constant prompts to enter my user/admin password, a quick press of the home button (or some region of the screen) seems both easier and less prone to hacking. You can't look over my shoulder to learn the physical characteristics of my fingertip. You can see what I type.
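The one-owner versus many-users point in the post above, as an added example that is not part of the original thread: a toy simulation that compares a never-enrolled probe against galleries of different sizes. The feature vectors are constructed random data, and the cosine-similarity match, vector length and 0.6 threshold are assumptions chosen for illustration, not values from any real sensor.

```python
import math
import random

DIM = 16          # constructed feature-vector length (assumption)
THRESHOLD = 0.6   # constructed accept threshold on cosine similarity

def unit(v):
    """Scale a vector to length 1 so a dot product equals cosine similarity."""
    norm = math.sqrt(sum(x * x for x in v))
    return [x / norm for x in v]

def random_template(rng):
    """A constructed stand-in for one person's enrolled feature vector."""
    return unit([rng.gauss(0, 1) for _ in range(DIM)])

def noisy_reading(template, rng, sigma=0.05):
    """A fresh scan of the same finger: the template plus sensor noise."""
    return unit([x + rng.gauss(0, sigma) for x in template])

def best_fit(probe, gallery):
    """Degree of fit against the closest enrolled template."""
    return max(sum(a * b for a, b in zip(probe, t)) for t in gallery)

def false_accept_rate(gallery_size, trials=500, seed=1):
    """Fraction of never-enrolled probes that match someone in the gallery."""
    rng = random.Random(seed)
    gallery = [random_template(rng) for _ in range(gallery_size)]
    hits = sum(best_fit(random_template(rng), gallery) >= THRESHOLD
               for _ in range(trials))
    return hits / trials

def genuine_accept_rate(trials=200, seed=2):
    """Fraction of the owner's own rescans accepted in a 1:1 check."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        owner = random_template(rng)
        hits += best_fit(noisy_reading(owner, rng), [owner]) >= THRESHOLD
    return hits / trials

if __name__ == "__main__":
    print(f"owner accepted (1:1): {genuine_accept_rate():.1%}")
    for n in (1, 2, 50, 200):
        print(f"enrolled={n:>3}  impostor accepted: {false_accept_rate(n):.1%}")
```

With the threshold held fixed, every extra enrolled template is another chance for a stranger's vector to clear it, which is why a building-sized gallery needs a stricter threshold than a phone with one or two owners.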
Quote:
Originally Posted by Richard Getz
why not make the home button the same as the screen, much like the glass trackpad? Actually, if they made the home button as a mini trackpad, that would allow swipe gestures also.
Well it wouldn't be a button if it was part of the screen. One of its uses is that it allows blind people to use the phone. It has to be a physical button for that to work.
Quote:
Originally Posted by Gazoobee
For reasons too many to mention that have been discussed over and over again ... the Home button is not going anywhere. It's a central part of the entire design, everyone likes it, and removing it would serve no purpose.
Also ... edge to edge screens? What have you been smoking?
The home button is an archaism. The era of edge-to-edge button-less design is coming and nothing can stop it.
Quote:
Originally Posted by Blah64
Numbered above to reply:
1) It may be cool tech, but scary/creepy.
I cannot believe there isn't one single response so far that even considers the fact that having your fingerprints in a mobile device is extremely creepy from a privacy standpoint. Fingerprints are used to track criminals, not "regular" folks, egads.
2) This is the only thing I've seen in all 61 posts so far that even hints at the biggest problem. For that, you get props.
Everyone, listen: you, as a user, have virtually zero control or even knowledge of what data goes out to application providers on your mobile device. With ANY app, period. Certain bits of data have some minor protections built into the OS, but in general, you should consider almost anything you put into your mobile device to be available to at the very least the authors of the app. Once your data has reached their servers, you might as well consider it public information. It may not happen this week or even this year, but data that sits on servers connected to the internet is almost always eventually either sold, misused or pilfered.
I do not want my fingerprints (or faceprint, for that matter) to be tracked and sold by ANYONE, and I can't understand why no one is paying attention to this.
3) This makes some sense. The problem is in keeping that data local to the device. I just don't know how it's possible to be assured of that over time.
4) I don't agree. It would then be a single point of failure for virtually anything and everything you do on your mobile device. Never a good idea from a security standpoint. But it seems these days people in their never ending quest to save 3 seconds, ignore security (and privacy) issues. Very sad.
No personal insult intended here but this is all paranoid nonsense IMO. Why exactly would this be "creepy"?
I remember this was a common point of view in the 1970's but I think we've kind of moved on from there. I also think your assessment of what information can be extracted from the phone by app developers is over-the-top and likely based more on fear than facts.
My only concern with this tech is the fact that the ones I've tried always want you to use the fingerprint on your index finger, and I don't happen to have one. So that's always kind of frustrating. I trust Apple will give us the option of which finger to use however, as they usually think of things like that.
Quote:
Originally Posted by jason98
The home button is an archaism. The era of edge-to-edge button-less design is coming and nothing can stop it.
Only if you believe everything you read on the web verbatim. Which it seems you do.
Wait a minute ... you just read what I wrote on the web and you *didn't* believe it.
Hmmm .... It must be that you just believe everything you read that has cool renders and video attached.
Yeah, that's it.
Quote:
Originally Posted by markbriton
... I'm also shocked at how many people I know who have no Passcode lock at all on their phone, despite the sheer amount of information stored on iPhones from email to banking etc.
Well, there is no way to store your passwords on the phone. Unless you are foolish enough to put them in a text file.
So it's not like possession of the phone equals possession of access to your bank.
I like your analysis of the home button as fingerprint scanner issue though. I think you are 100% correct on that.
This reminds me of the fingertip pattern unlocking that was popular on touch PDAs for a short while around the turn of the century.
A whole mini-industry and lots of scientific research sprang up over what patterns were most secure, etc.
Then, of course, people belatedly noticed that their fingers left a grease trail that showed what the unlock pattern was. D'oh!! Since a stylus was usually used for every other interaction, the unlock pattern was clear as a bell.
After that, pattern unlocking disappeared as a security option for a long time. Even Apple didn't use it for security, but instead just used it for simple unlock.
--
Re: fingerprints. Cheap visual sensors can be fooled. Better ones look for live person hints, like perhaps body heat. Some have very fine capacitive sensors that actually map out the live person's fingerprint ridges. In other words, a picture or even a cut-off finger won't work.
In any case, as others have pointed out, they shouldn't worry about a bio-metric theft or sales situation. This kind of info is usually kept only inside that particular device. If you use a different device, you'll need to enter your fingerprint again.