So maybe I'm in the minority here, but I think putting Touch ID on a MacBook is a dumb idea. The reason is that it is not a fluid experience. What if you don't use the laptop directly and instead plug into a monitor and external keyboard? Then you would need it in an external keyboard too. Or trackpad.
I think the better idea is to apply the inherent security of a personal device to a slightly less personal device. For instance.... If you have an Apple Watch on and get near your computer, it unlocks. When you walk away from your computer, it automatically locks again. The same can be done with an iPhone. Just have your unlocked phone near the device and login.
Now... couple this with the ability to wirelessly access information on the device securely and seamlessly... and you have a winner.
I don't think Apple will risk having your fingerprint anywhere except a secure enclave.
I think the idea is that they could create a mathematical hash that would let them validate a fingerprint, but wouldn't actually *be* a fingerprint itself. Similar to storing a password hash. You know if the password is correct, but you don't know what the password is.
I get what you're saying, but I don't think it's as secure as each device having its own security model that is independent of other devices. Keeping it independent means that it's secure against possible flaws in the transmission system.
I can see a case where a security researcher intercepts the transmission of the password hash and substitutes it with a piece of data that causes a buffer overrun. This could be used to crash the phone or cause the security system to fail, allowing any fingerprint to open the device.
It takes about a minute to set up a fingerprint on an iDevice; I'm not sure transmitting password hashes is worth the risk, just to save a few minutes.
Funny that that's the new playbook. Wait around for rumors about Apple products and then rush out a product. I'm sure there are 10 companies right now trying to figure out how/why to add an OLED bar to their keyboards.
It's not that new. It's certainly been the MO since everyone was blindsided by the iPhone.
So will Apple start to roll out Touch ID in the cloud? They had a patent issued some time ago for this whereby the hashed numerical representation of your fingerprint (that can't be reversed to actually produce your fingerprint) could be stored in the cloud, and devices could check your scanned print against this stored print to see if it's really you.
If you had an iPhone with Touch ID and then purchased another Touch ID device (MacBook or iPad), then you could simply get the hashed data from the cloud and load it onto your new device without having to learn your fingerprint(s) all over again. And if you added another finger to one device, it would then be available on all devices.
I doubt they will. Each TouchID sensor in the current system produces a unique hash for each finger and each time the system is reset. There is little value in storing the hash in that system as you can't pass them to another TouchID sensor to verify the ID.
On a related note TouchID means secure enclave on board and that means embedded AppleSIM is included in the package for free. I think we will finally see MacBooks get a cellular Network Option along with the TouchID.
So maybe I'm in the minority here, but I think putting Touch ID on a MacBook is a dumb idea. The reason is that it is not a fluid experience. What if you don't use the laptop directly and instead plug into a monitor and external keyboard? Then you would need it in an external keyboard too. Or trackpad.
I think the better idea is to apply the inherent security of a personal device to a slightly less personal device. For instance.... If you have an Apple Watch on and get near your computer, it unlocks. When you walk away from your computer, it automatically locks again. The same can be done with an iPhone. Just have your unlocked phone near the device and login.
Now... couple this with the ability to wirelessly access information on the device securely and seamlessly... and you have a winner.
So if I don't own an Apple Watch or an iPhone or my iPhone is upstairs I get penalised and need to type my password? That's not good design. The side cases you mention will obviously be baked into the design. And remotely you can enter your password anyway.
Well it's hardly a penalty when in that situation you will be no worse off than current. Still I think having TouchID on device is still a better option than requiring a second device.
So will Apple start to roll out Touch ID in the cloud? They had a patent issued some time ago for this whereby the hashed numerical representation of your fingerprint (that can't be reversed to actually produce your fingerprint) could be stored in the cloud, and devices could check your scanned print against this stored print to see if it's really you.
If you had an iPhone with Touch ID and then purchased another Touch ID device (MacBook or iPad), then you could simply get the hashed data from the cloud and load it onto your new device without having to learn your fingerprint(s) all over again. And if you added another finger to one device, it would then be available on all devices.
I don't think many people are going to want to have their fingerprint data stored in the cloud. However well it may be protected.
So maybe I'm in the minority here, but I think putting Touch ID on a MacBook is a dumb idea. The reason is that it is not a fluid experience. What if you don't use the laptop directly and instead plug into a monitor and external keyboard? Then you would need it in an external keyboard too. Or trackpad.
I think the better idea is to apply the inherent security of a personal device to a slightly less personal device. For instance.... If you have an Apple Watch on and get near your computer, it unlocks. When you walk away from your computer, it automatically locks again. The same can be done with an iPhone. Just have your unlocked phone near the device and login.
Now... couple this with the ability to wirelessly access information on the device securely and seamlessly... and you have a winner.
So if I don't own an Apple Watch or an iPhone or my iPhone is upstairs I get penalised and need to type my password? That's not good design.
Penalised? That's exactly the situation that you have now.
So if I don't own an Apple Watch or an iPhone or my iPhone is upstairs I get penalised and need to type my password? That's not good design. The side cases you mention will obviously be baked into the design. And remotely you can enter your password anyway.
Well it's hardly a penalty when in that situation you will be no worse off than current. Still I think having TouchID on device is still a better option than requiring a second device.
It's a penalty if the latter option exists. It's a design penalty. "But what if the user's phone is across their house?" These are questions a good designer would ask themselves. "Why should the user have to suffer and go back to the old method of manually entering a password? Yeah, building it in makes more sense."
So if I don't own an Apple Watch or an iPhone or my iPhone is upstairs I get penalised and need to type my password? That's not good design.
Penalised? That's exactly the situation that you have now.
It's called progress. What's normal now will be archaic in 10 years. "You mean back in the day you had to manually enter your password? Yuck." Yes, I used the word penalised. Good design in this scenario is preventing the user from having to enter their password. Lazy bastard design doesn't think of these things. Or worse, blames the user.
This SmartBar/MagicBar sounds interesting, but I cannot help think Touch ID across the whole trackpad is a better idea. Even if it costs more. Given they are about to make the entire F-row a display I don't think the idea of a full Touch ID trackpad is infeasible.
This is the twist I would expect from Apple. Not only is your fingerprint used, but a combination of fingers can actually be used.
So maybe I'm in the minority here, but I think putting Touch ID on a MacBook is a dumb idea. The reason is that it is not a fluid experience. What if you don't use the laptop directly and instead plug into a monitor and external keyboard? Then you would need it in an external keyboard too. Or trackpad.
I think the better idea is to apply the inherent security of a personal device to a slightly less personal device. For instance.... If you have an Apple Watch on and get near your computer, it unlocks. When you walk away from your computer, it automatically locks again. The same can be done with an iPhone. Just have your unlocked phone near the device and login.
Now... couple this with the ability to wirelessly access information on the device securely and seamlessly... and you have a winner.
Which costs less, an Apple Watch or a trackpad?
Your scenario is a little confusing? I'm assuming that you're saying the MacBook is plugged into an external monitor and keyboard, so of course you'd have to buy an external keyboard, and a mouse or trackpad to use it that way. Is your point you'd have to buy a Touch ID keyboard or trackpad? Again, which costs less, the watch or the new peripheral?
And here's the problem with limiting it to the watch, many families, schools and corporations share laptops. If it relies on the watch, then nobody could use the Secure Element without a watch or iPhone. And what happens if you leave the phone by the Mac when you walk away? Where's the security there? And what happens if you leave your phone in your office? Or what if your company-issued phone is an Android? Yes there's still a passcode option, but seriously, most people use their MacBooks with the built-in track pad and keyboard. So why not both options?
ireland said: Good design in this scenario is preventing the user from having to enter their password. Lazy bastard design doesn't think of these things. Or worse, blames the user.
But blaming the user for not owning something they don’t want to own... isn’t bad design. Okay.
Penalised? That's exactly the situation that you have now.
It's called progress. What's normal now will be archaic in 10 years. "You mean back in the day you had to manually enter your password? Yuck." Yes, I used the word penalised. Good design in this scenario is preventing the user from having to enter their password. Lazy bastard design doesn't think of these things. Or worse, blames the user.
Good design is keeping the computer secure. The user having their phone or watch in proximity provides that security coupled with a convenience, and if neither are present then a password is the fallback. That is progress, since that's two workable solutions that cover a huge proportion of user scenarios. A high proportion of Mac users are iPhone users, and iPhone users will tend to have their iPhone within a close range of their Mac when they want to use it. If they don't, oh well, at least there's a password.
No one, not even Apple, can please all of the people all of the time.
It's a shame this couldn't be achieved using generic Bluetooth Events, but I imagine exposing system unlock functionality would present some severe security challenges.
I never use the power button on my MacBook. Why do I need to use it multiple times a day? You'll touch the touchpad anyway. Why need to touch another area to log on? As long as the touchpad doesn't retain the fingerprint, I'm okay with Touch ID implementation under it. Still, Touch ID in MacBook is overkill imo!
Last time I checked, no PC manufacturer even comes close to making a respectable trackpad.
The industry as a whole is about 7 years behind Apple on trackpads.
Absolutely right. Every time I used a PC touchpad, I wanted to break that laptop. Talking about touchpads, Apple is the king!
I don't know that it's entirely the hardware at fault. (Although the hardware typically is crap.) I've tried to use Windows on my Mac (through VMs and remote access) and Windows sucks with a trackpad. I actually prefer to use Mac OSX with the Magic Trackpad these days, but Windows needs a mouse. The UI is just such a mess.
Comments
I can see a case where a security researcher intercepts the transmission of the password hash and substitutes it with a piece of data that causes a buffer overrun. This could be used to crash the phone or cause the security system to fail, allowing any fingerprint to open the device.
It takes about a minute to set up a fingerprint on an iDevice; I'm not sure transmitting password hashes is worth the risk, just to save a few minutes.
Each TouchID sensor in the current system produces a unique hash for each finger and each time the system is reset.
There is little value in storing the hash in that system as you can't pass them to another TouchID sensor to verify the ID.
On a related note TouchID means secure enclave on board and that means embedded AppleSIM is included in the package for free.
I think we will finally see MacBooks get a cellular Network Option along with the TouchID.
Well it's hardly a penalty when in that situation you will be no worse off than current. Still I think having TouchID on device is still a better option than requiring a second device.
It's called progress. What's normal now will be archaic in 10 years. "You mean back in the day you had to manually enter your password? Yuck." Yes, I used the word penalised. Good design in this scenario is preventing the user from having to enter their password. Lazy bastard design doesn't think of these things. Or worse, blames the user.
Which costs less, an Apple Watch or a trackpad?
Your scenario is a little confusing? I'm assuming that you're saying the MacBook is plugged into an external monitor and keyboard, so of course you'd have to buy an external keyboard, and a mouse or trackpad to use it that way. Is your point you'd have to buy a Touch ID keyboard or trackpad? Again, which costs less, the watch or the new peripheral?
And here's the problem with limiting it to the watch, many families, schools and corporations share laptops. If it relies on the watch, then nobody could use the Secure Element without a watch or iPhone. And what happens if you leave the phone by the Mac when you walk away? Where's the security there? And what happens if you leave your phone in your office? Or what if your company-issued phone is an Android? Yes there's still a passcode option, but seriously, most people use their MacBooks with the built-in track pad and keyboard. So why not both options?
No one, not even Apple, can please all of the people all of the time.
It's a shame this couldn't be achieved using generic Bluetooth Events, but I imagine exposing system unlock functionality would present some severe security challenges.
You meant in IBM Thinkpad? Lol...implementation in Thinkpad was pos!