Apple's Touch ID already bypassed with established 'fake finger' technique


Comments

  • Reply 281 of 330
    Quote:

    Originally Posted by muppetry View Post

    While each of those may be individually compromised, they each have their difficulties. In the case of the phone with fingerprint authentication, physical possession of the phone plus the correct fingerprint represent a double, rather than triple requirement, but even if the reported hack is real, that is still pretty secure, given the likelihood of someone having the resources and the incentive to pull off such a complex process. Much harder than just stealing a credit card, for example.

    Do you think they will steal your iPhone and THEN ask "Well, now what do I do?". No, they will steal hundreds of iPhones and have everything prepared. It's going to be an investment for them. When they steal your credit card numbers they invest first in tiny cameras and magnetic readers to be able to read your card and see when you type your pin. Now they will just invest in whatever is necessary to read your fingerprints from your phone. Probably there will be kits ready for this and how-to manuals.

  • Reply 282 of 330
    gatorguy Posts: 24,213 member
    Regarding the original challenge at http://istouchidhackedyet.com/ the folks running it have declared a winner.
  • Reply 283 of 330

    I think the Pattern Unlocking from Android and Windows phones is the best method for security on the phone. I don't think it is better than a 20 character random password but much better than a 4 number pin or this fingerprint gimmick!

  • Reply 284 of 330
    jfc1138 Posts: 3,090 member

    "This "complex process" of breaking fingerprint authentication has been around for years"

     

    Yet that technique is worthless without a good hi-res fingerprint image. Which will be the case in most instances of a stolen phone.

  • Reply 285 of 330
    Originally Posted by NelsonX View Post

    better than a 4 number pin or this fingerprint gimmick!

     

    Implying the 4# pin is the only possible password. And implying that fingerprinting done correctly is a gimmick. :no:

     

    My only wish is that Apple would make the lock screen keyboard the same as the system keyboard. You can only type a password in the language to which the device is set right now, but some of us would prefer using other character sets for passwords.

  • Reply 286 of 330
    jfc1138 wrote: »
    "This "complex process" of breaking fingerprint authentication has been around for years"

    Yet that technique is worthless without a good hi-res fingerprint image. Which will be the case in most instances of a stolen phone.

    Yet many here ridiculed the competition for having fingerprint scanners that could be bypassed using this 'complex process', and swore that Apple's way wouldn't be able to be bypassed in the same manner. What's superior to the competition is its incorporation into the home button.
  • Reply 287 of 330
    jfc1138 Posts: 3,090 member
    Quote:
    Originally Posted by dasanman69 View Post





    Yet many here ridiculed the competition for having fingerprint scanners that could be bypassed using this 'complex process', and swore that Apple's way wouldn't be able to be bypassed in the same manner. What's superior to the competition is its incorporation into the home button.

     

    Well that "competition" is very busy ridiculing itself eh? Motorola has one short memory... as the Atrix, IIRC, is the only cell that had a fingerprint tech unlock?

  • Reply 288 of 330
    muppetry Posts: 3,331 member
    nelsonx wrote: »
    muppetry wrote: »
    While each of those may be individually compromised, they each have their difficulties. In the case of the phone with fingerprint authentication, physical possession of the phone plus the correct fingerprint represent a double, rather than triple requirement, but even if the reported hack is real, that is still pretty secure, given the likelihood of someone having the resources and the incentive to pull off such a complex process. Much harder than just stealing a credit card, for example.
    Do you think they will steal your iPhone and THEN ask "Well, now what do I do?". No, they will steal hundreds of iPhones and have everything prepared. It's going to be an investment for them. When they steal your credit card numbers they invest first in tiny cameras and magnetic readers to be able to read your card and see when you type your pin. Now they will just invest in whatever is necessary to read your fingerprints from your phone. Probably there will be kits ready for this and how-to manuals.

    They will do all that to achieve what, exactly? Make phone calls and download some apps and music from your iTunes account?
  • Reply 289 of 330
    jfc1138 wrote: »
    Well that "competition" is very busy ridiculing itself eh? Motorola has one short memory... as the Atrix, IIRC, is the only cell that had a fingerprint tech unlock?

    LG also has a phone coming out with a fingerprint scanner and the rumor is that HTC will as well, but it was fingerprint scanners in general that were ridiculed.
  • Reply 290 of 330
    muppetry Posts: 3,331 member
    mattd wrote: »
    muppetry wrote: »
    Also, fingerprint authentication is widely used as a security element in situations where high security is required. In conjunction with a single password it adds significant additional complexity to unauthorized access. For example, for protection of classified matter, we use it in combination with a badge swipe and a pass code, a triple requirement of possession of an item, knowledge of a passcode, and the physical presence of the authorized user.


    While each of those may be individually compromised, they each have their difficulties. In the case of the phone with fingerprint authentication, physical possession of the phone plus the correct fingerprint represent a double, rather than triple requirement, but even if the reported hack is real, that is still pretty secure, given the likelihood of someone having the resources and the incentive to pull off such a complex process. Much harder than just stealing a credit card, for example.

    So in your example, it's part of a COMBINATION of authentication techniques and my point is, by itself, it's useless. Also, if used as a combination with a pass code - you still have to enter the pass code which then means that it's not more convenient. So, the whole purpose is defeated.

    Stealing a credit card sounds like fun except for the part where you need to enter a pin which is a software feature on the authentication server that could be added by merchants at anytime. You can't really do any upgrades to a fingerprint scanner. They've been the same over the years and now just have higher resolution.

    This "complex process" of breaking fingerprint authentication has been around for years and is 100 times less complex and cheaper than ATTEMPTING to break a password.

    Firstly, it's not useless by itself - even if it proves to be hackable it is likely to be more than adequate security to prevent the vast majority of attempted unauthorized access to a phone, and for that purpose it represents a huge improvement in convenience. For more secure processes one might want to add a password for a 3-step combo.

    Credit card transactions could be adapted to require a PIN, at least in the US, they currently do not, so that argument is moot.

    If you ever end up with a phone that supports this feature, I'd be curious to know how long it is before you start using it. I predict that it will be hugely popular, and that the incidence of it being hacked is minuscule.
  • Reply 291 of 330
    muppetry wrote: »
    They will do all that to achieve what, exactly? Make phone calls and download some apps and music from your iTunes account?

    They'll have access to one's email which could lead to access to bank accounts, online shopping accounts, etc...
  • Reply 292 of 330
    muppetry Posts: 3,331 member
    dasanman69 wrote: »
    muppetry wrote: »
    They will do all that to achieve what, exactly? Make phone calls and download some apps and music from your iTunes account?

    They'll have access to one's email which could lead to access to bank accounts, online shopping accounts, etc...

    If your emails contain the passwords to access your financial accounts then you probably need to completely rethink your security posture.
  • Reply 293 of 330
    muppetry wrote: »
    If your emails contain the passwords to access your financial accounts then you probably need to completely rethink your security posture.

    They could request a password change and through the email change it. Someone could change your PayPal password and then send money to an account that they set up.
  • Reply 294 of 330
    gatorguy Posts: 24,213 member
    jfc1138 wrote: »
    Well that "competition" is very busy ridiculing itself eh? Motorola has one short memory... as the Atrix, IIRC, is the only cell that had a fingerprint tech unlock?

    "Biometric security" via a fingerprint reader was a feature in HP iPaqs beginning in 2003.
    http://pbdj.sys-con.com/node/42623
    http://reviews.cnet.com/search-results/hp-ipaq-h5450-pocket/4505-5_7-20665470.html
  • Reply 295 of 330
    mstone Posts: 11,510 member
    Quote:
    Originally Posted by KiltedGreen View Post

     
    Quote:
    Originally Posted by mstone View Post

     

    Touch ID was designed to keep your wife from reading txt messages from your girlfriend while you are in the shower. If she suddenly orders a 2400 dpi laser film printer and a high resolution camera with a macro lens, then you might have something to worry about.


     

    If I had a wife then I'd have something to worry about  :err: 


     

    Having a wife has its good points for sure. I was just kidding about the girlfriend part. No, honestly, honey, I was just kidding, No, I was kidding. I never said I had a girlfriend... No, I didn't.

  • Reply 296 of 330
    alfiejr Posts: 1,524 member

    this is still total FUD. their "fake finger hack" is easy to defeat conclusively.

     

    maybe it has already been noted on this long thread, but you can easily use your index finger knuckle instead of finger tip as your Touch ID print. it's only slightly less ergonomic to do. and basically you do not leave your "knuckleprints" anyplace at all, anytime. certainly not on your phone. so the hackers would have nothing to start with they could ever make a copy of.

     

    when are all the geniuses on the web going to figure this simple thing out?

  • Reply 297 of 330
    jungmark Posts: 6,926 member
    mattd wrote: »


    Here's another attempt to fill the void between your ears:

    You can only GUESS passwords using brute force or word lists (assuming the password is some easy to remember name/ word) or by using a key logging software. Fortunately, key logging software would not make it through to either the App store or Google Play.

    Passwords can't be hacked unless you can break encryption which is not possible in most cases as you'd need to be a genius to crack such encryption and if you can do so, you'd be paid in hundreds of thousands of dollars. This fingerprinting technique would cost a few hundred dollars to less than 2 grand meaning that, it can be easily bought by anyone.

     "you can socially engineer a password or phish for one too." - Social engineering and phishing only work on idiots who can't tell the difference between a real website and a fake one by looking at the URL bar and who are gullible enough to provide too much information over the phone to some "customer service rep". Fingerprint lifting can work on ANYONE and you can't change your fingerprint.

    The majority of thieves CAN afford the tools to hack your fingerprint but NOT your encrypted password which you can change and is a feature available on all smartphones.


    The point is about the fingerprint security by itself. Passwords, by themselves, can't be hacked.

    It does not make sense to spend a few hundred dollars more for a fingerprint scanner under the pretence of it being secure. Now the iSheep argue that it's more for convenience. My point is, not locking your phone at all is just as convenient.

    Perhaps you can shake those pebbles loose in your skull. Do tell me how they get a clean copy of my fingerprint after they take my phone in the first place. Because really all thieves will use gloves and will be extra careful not to smudge any fingerprints on it too. And if I use my pinky finger, how would they get a copy of that? I don't touch my phone with it.
  • Reply 298 of 330
    jungmark wrote: »
    Perhaps you can shake those pebbles loose in your skull. Do tell me how they get a clean copy of my fingerprint after they take my phone in the first place. Because really all thieves will use gloves and will be extra careful not to smudge any fingerprints on it too. And if I use my pinky finger, how would they get a copy of that? I don't touch my phone with it.

    Ahh so you use the ol' 'cup of tea' grip? :lol:
  • Reply 299 of 330
    jungmark Posts: 6,926 member
    dasanman69 wrote: »
    Ahh so you use the ol' 'cup of tea' grip? :lol:

    I'm fancy like that. The pinky holds the bottom of the phone like a shelf.
  • Reply 300 of 330
    muppetry Posts: 3,331 member
    Quote:

    Originally Posted by dasanman69 View Post

     
    Quote:

    Originally Posted by muppetry View Post



    If your emails contain the passwords to access your financial accounts then you probably need to completely rethink your security posture.




    They could request a password change and through the email change it. Someone could change your PayPal password and then send money to an account that they set up.

     

    OK - this is getting silly and I'm rapidly losing interest in the discussion.  Does your bank let you change your password with just an email request and no further verification? None of mine do. Nor does Paypal - you need to provide extra security information in the form of answers to security questions.
