I would imagine this complements your actual password rather than replaces it as you still need to enter a password on your mac. It does have one attribute a password does not: it cannot be shared.
until someone cuts your finger off;-)
This gets to the lowest level of '2 Factor' Authentication that is critical for just about any serious internet transaction authentication. (note... we still need better transport[in motion] encryption, and storage [at rest] encryption). Most people are installing a encrypted cert/cookie into apps upon first authentication to make the phone/pad a 'token,' but it's a weak sauce.
Any 2 of the 3 below are
The combination of:
- Something you uniquely have and cannot be copied (a 'hard token' a 1 time password generator fob [hard token], a plug in USB key with a soft token, or a private Key Cert)
- Something you uniquely know (can be copied, but is something that is secret to only you.)
- Something you are (fingerprint, retina scan, dna)
The fact that the authentec technology is more real-time than a fingerprint or swipe (looks for the blood vessels to live cells), gets you past the Mission Impossible/Bourne Supremacy lift a print, record a voiceprint to open the biometric safe (the hard token is something that when missing is missed).
Once hashed at the device side, these then become unreversable (one can't make your fingerprint out of it), and they best have a timestamp included to stop replay attacks.
So if you...
1) use a strong password on your iDevice (something you know), with a 10 try lockout/alarm/erase.
this is a big deal... a 5-6 character using letters, symbols and numbers, with a 10 try lockout
2) then enable fingerprint biometric authentication (something you are)
to unlock any apps that do money transactions, which likely unlocks a local private key to identify
you as you to your ecommerce facilitator (I trust the app, I trust the private key assigned to you by
me in that app if your fingerprint was used to create it, and then release it to me.
You're probably certain it's your recently living finger and your memory executing the transaction
All bets are off for the 'beat you with a wrench' scenario. (XKCD.com)
I decided to look up Ming's predictions this and was remarkably surprised to read his time estimations were much more accurate than any other analyst (especially Brian White). Ming started on Jan. 16th with a June/July release of iPhones. Jan 20th Q3. Jan 25th Q3. Mar 4th July. Mar 5th June announcement, Jul rollout. Mar 21st Q3. Apr 11th launch later than market consensus. Jul 22nd late Sept. Jul 23rd iPhone Lite early Sept, 5S later.
On Apr 2nd, the extraordinarily reputable WSJ provided its analysis... It was a fun read that reminded why I stopped buying the WSJ. I would rather read predictions from DigiTimes! :-)))
Then you'd need to fall back to typing in a password. And if your fingers were chopped off completely, then you'd need to revert to using another fallback to enter your credentials, like asking for help.
You should still be able to dial 911 (or similar emergency service number in other countries) without fully unlocking the iPhone. That works even if the iPhone has not been activated yet.
That's decapitation thus rendering Android's face unlock useless. :smokey:
I believe that an Apple user's thumb is far more valuable than a Fandroid's head, in terms of financial gain. Based on various statistics and data that we have all seen these past years, what is there to be gained by chopping off a Fandroid's head? Is there anything of value really stored on the phone?
If I were a criminal, I'd much rather have an Apple thumb instead of a Fandroid head.
How do you know that? It will take however long it needs to based on the scanner hardware, software algorithms, dirt/dust, finger position, and quality of the fingerprint capture.
Some reasonable assumptions: once the setup has been done, the software need only match the current scan with what it holds in memory. Given that Apple is going to use this in the home button of the iPhone, I think we can rest assure that it has some appropriate fault tolerance to account for slightly off-center thumbs, grease and dirt on the button, etc. It would be sort of surprising if Apple shipped an iPhone with a fussy, have to try several times and get it just right unlock function.
So then we can consider that this wouldn't be a flatbed scanner that has to pass a mechanical slit over the thing to be scanned, but rather a sensor that takes its impression all at once.
Given all that, how long to trigger, take its image and match? I'm going to say less than a second. I don't know, of course, but matching the read to the one stored in memory would be near instantaneous, and I can't see how the imaging process would be anything but near instantaneous. So a second may be generous.
Also, as far as damage to or loss of your thumb: seems pretty likely that you would input your passcode to get access to settings, then re-initiate the scan setup procedure with the modified or different digit.
I'm convinced they're adding the fingerprint reader, but I'm not convinced it will be under the home button.
Remembering the recent patent filing for tech that allows the fingerprint reader to be integrated within the display itself, I started considering that they may be eliminating the physical home button altogether.
So yes, it may be "under the home button", but the button itself might be a touchscreen button instead of a physical one.
Looking at the design of iOS 7, in particular the way the lock screen feels, adds to my thinking it's a real possibility.
Total speculation on my part, of course...
Even if they keep the physical home button (one of the single most common points of failure on iPhone handsets by the way), I still think it could end up "under the screen" rather than under the button itself.
Can't wait to see what's in store!
[EDIT] OK. I read that plist file a few times more carefully. ASSUMING it will remain a physical button, then yeah… it sure looks like the sensor is going under there.
In any case, I need Apple to promise me there is no way EVER for this device to "photograph" my thumbprint, upload that image, and connect it to my device, usage, and other personal details via metadata. PROMISE ME!
Then you'd need to fall back to typing in a password. And if your fingers were chopped off completely, then you'd need to revert to using another fallback to enter your credentials, like asking for help.
The most important question for me is: Is this still a physical button? Because I really HATE that stupid home button! It never does what I intend to do. I press once and it register randomly one, two or three presses. I HATE IT!
no love lost here either, but… it sounds like you should take yours in to have it looked at. Really, mine never does that.
Take better care of it, then. I certainly hope it's still physical. We'll have users whining about how their phone locked up and there was "nothing they could do" otherwise.
You'd still have the 'on/off' button up top…
I'm not sure how one would accomplish a 'hard reset' without the home button though (a hard reset being: "press and hold both the on/off and home buttons simultaneously. Hold them until the Apple logo appears (ignore the "slide to power off" message that appears in between)". Restarting this way will take quite a bit longer than a simple 'power cycle', but it's a hard reboot and helps to clear caches, stuck memory, etc…).
Without the physical home button, how would this be accomplished? Otherwise, I see no good reason to keep it physical...
I believe that an Apple user's thumb is far more valuable than a Fandroid's head, in terms of financial gain. Based on various statistics and data that we have all seen these past years, what is there to be gained by chopping off a Fandroid's head? Is there anything of value really stored on the phone?
If I were a criminal, I'd much rather have an Apple thumb instead of a Fandroid head.
You have just rendered your Avatar tagline meaningless….
You'll have to change it to "The Diginator" now, or something….
Comments
Quote:
Originally Posted by herbapou
boy, we are so close of breaking $450 today. There is major resistance there.
Yeap, good short right there at resistance!
Quote:
Originally Posted by dugbug
I would imagine this complements your actual password rather than replaces it as you still need to enter a password on your mac. It does have one attribute a password does not: it cannot be shared.
until someone cuts your finger off;-)
This gets to the lowest level of '2 Factor' Authentication that is critical for just about any serious internet transaction authentication. (note... we still need better transport[in motion] encryption, and storage [at rest] encryption). Most people are installing a encrypted cert/cookie into apps upon first authentication to make the phone/pad a 'token,' but it's a weak sauce.
Any 2 of the 3 below are
The combination of:
- Something you uniquely have and cannot be copied (a 'hard token' a 1 time password generator fob [hard token], a plug in USB key with a soft token, or a private Key Cert)
- Something you uniquely know (can be copied, but is something that is secret to only you.)
- Something you are (fingerprint, retina scan, dna)
The fact that the authentec technology is more real-time than a fingerprint or swipe (looks for the blood vessels to live cells), gets you past the Mission Impossible/Bourne Supremacy lift a print, record a voiceprint to open the biometric safe (the hard token is something that when missing is missed).
Once hashed at the device side, these then become unreversable (one can't make your fingerprint out of it), and they best have a timestamp included to stop replay attacks.
So if you...
1) use a strong password on your iDevice (something you know), with a 10 try lockout/alarm/erase.
this is a big deal... a 5-6 character using letters, symbols and numbers, with a 10 try lockout
2) then enable fingerprint biometric authentication (something you are)
to unlock any apps that do money transactions, which likely unlocks a local private key to identify
you as you to your ecommerce facilitator (I trust the app, I trust the private key assigned to you by
me in that app if your fingerprint was used to create it, and then release it to me.
You're probably certain it's your recently living finger and your memory executing the transaction
All bets are off for the 'beat you with a wrench' scenario. (XKCD.com)
I can already foresee the spike in the crime of dedigitation.
On Apr 2nd, the extraordinarily reputable WSJ provided its analysis... It was a fun read that reminded why I stopped buying the WSJ. I would rather read predictions from DigiTimes! :-)))
Hats off to you, sir.
A tweetybird pops up and says "I hurt my wittle thumb" and you pwess "ok."
I'll say it before he does this time: shut up.
Quote:
Originally Posted by ankleskater
I can already foresee the spike in the crime of dedigitation.
Horror stories of the Mexican mafias come to mind on that one...
That's decapitation thus rendering Android's face unlock useless. :smokey:
You should still be able to dial 911 (or similar emergency service number in other countries) without fully unlocking the iPhone. That works even if the iPhone has not been activated yet.
I believe that an Apple user's thumb is far more valuable than a Fandroid's head, in terms of financial gain. Based on various statistics and data that we have all seen these past years, what is there to be gained by chopping off a Fandroid's head? Is there anything of value really stored on the phone?
If I were a criminal, I'd much rather have an Apple thumb instead of a Fandroid head.
Quote:
Originally Posted by dasanman69
That's decapitation thus rendering Android's face unlock useless.
They also sever fingers for ransom purposes. Some Americans got screwed by that one.
Quote:
Originally Posted by techguy911
How do you know that? It will take however long it needs to based on the scanner hardware, software algorithms, dirt/dust, finger position, and quality of the fingerprint capture.
Some reasonable assumptions: once the setup has been done, the software need only match the current scan with what it holds in memory. Given that Apple is going to use this in the home button of the iPhone, I think we can rest assure that it has some appropriate fault tolerance to account for slightly off-center thumbs, grease and dirt on the button, etc. It would be sort of surprising if Apple shipped an iPhone with a fussy, have to try several times and get it just right unlock function.
So then we can consider that this wouldn't be a flatbed scanner that has to pass a mechanical slit over the thing to be scanned, but rather a sensor that takes its impression all at once.
Given all that, how long to trigger, take its image and match? I'm going to say less than a second. I don't know, of course, but matching the read to the one stored in memory would be near instantaneous, and I can't see how the imaging process would be anything but near instantaneous. So a second may be generous.
Also, as far as damage to or loss of your thumb: seems pretty likely that you would input your passcode to get access to settings, then re-initiate the scan setup procedure with the modified or different digit.
Remembering the recent patent filing for tech that allows the fingerprint reader to be integrated within the display itself, I started considering that they may be eliminating the physical home button altogether.
So yes, it may be "under the home button", but the button itself might be a touchscreen button instead of a physical one.
Looking at the design of iOS 7, in particular the way the lock screen feels, adds to my thinking it's a real possibility.
Total speculation on my part, of course...
Even if they keep the physical home button (one of the single most common points of failure on iPhone handsets by the way), I still think it could end up "under the screen" rather than under the button itself.
Can't wait to see what's in store!
[EDIT] OK. I read that plist file a few times more carefully. ASSUMING it will remain a physical button, then yeah… it sure looks like the sensor is going under there.
In any case, I need Apple to promise me there is no way EVER for this device to "photograph" my thumbprint, upload that image, and connect it to my device, usage, and other personal details via metadata. PROMISE ME!
Quote:
Originally Posted by Corrections
Then you'd need to fall back to typing in a password. And if your fingers were chopped off completely, then you'd need to revert to using another fallback to enter your credentials, like asking for help.
"Siri… call an ambulance…"
?
Quote:
Originally Posted by NelsonX
The most important question for me is: Is this still a physical button? Because I really HATE that stupid home button! It never does what I intend to do. I press once and it register randomly one, two or three presses. I HATE IT!
no love lost here either, but… it sounds like you should take yours in to have it looked at. Really, mine never does that.
Quote:
Originally Posted by Tallest Skil
Take better care of it, then. I certainly hope it's still physical. We'll have users whining about how their phone locked up and there was "nothing they could do" otherwise.
You'd still have the 'on/off' button up top…
I'm not sure how one would accomplish a 'hard reset' without the home button though (a hard reset being: "press and hold both the on/off and home buttons simultaneously. Hold them until the Apple logo appears (ignore the "slide to power off" message that appears in between)". Restarting this way will take quite a bit longer than a simple 'power cycle', but it's a hard reboot and helps to clear caches, stuck memory, etc…).
Without the physical home button, how would this be accomplished? Otherwise, I see no good reason to keep it physical...
Quote:
Originally Posted by Flaneur
A tweetybird pops up and says "I hurt my wittle thumb" and you pwess "ok."
I'll say it before he does this time: shut up.
Phuck off. Go make up some facts like you usually do.
Quote:
Originally Posted by Apple ][
I believe that an Apple user's thumb is far more valuable than a Fandroid's head, in terms of financial gain. Based on various statistics and data that we have all seen these past years, what is there to be gained by chopping off a Fandroid's head? Is there anything of value really stored on the phone?
If I were a criminal, I'd much rather have an Apple thumb instead of a Fandroid head.
You have just rendered your Avatar tagline meaningless….
You'll have to change it to "The Diginator" now, or something….