PayPal Executive Looks for Apple to Adopt Fingerprint Sensors, Lead Charge Away From Passwords

[jayducharme]

FIDO Alliance? That made me laugh on a boring Friday afternoon. I just hope they're not barking up the wrong tree.

If there is an identity breach, you can rest assured they will doggedly pursue the criminals. And they have a readily available contact if you have a bone to pick with them.

 

[hydr]

i actively avoid using the scamming, lying, turd of a con-artist company Paypal at all costs, if a company only takes payment via paypal i look elsewhere for my purchase.

Really don't want them embedding themselves in ANY part of iOS.

Also didn't mythbusters prove that fingerprint sensors, even the state of the art ones, can be fooled by a bit of body heat and some silicon gel ?

The amount of security we are talking about is on a whole different level from normal "fingerprint scanners". In fact calling Apples authentec solution for a fingerprint scanner is misleading.

Even if you cut someones finger off, and tried to use it to unlock a device it would not work. It is a bio metric scanner that uses the finger print among other things as a metric. It measures and matches a whole set of data points, including blood pressure, density, thickness of skin, etc.

My guess is it would be practically impossible to break it using a "fingerprint".

Now imagine if you could use this on an Apple TV, iTunes, iCloud account, App Store, payment system, Facebook, etc... No more entering user name/passwords, just swipe your finger and boom you´re in.

I made some predictions 5 months ago about this, although most comments were negative and unsupportive of this sort of technology. Trust me it´s coming.

 

[iBug2]

If someone steals or hacks a password of yours, you can change it. If someone steals your credit card, you can cancel it. If you have lost a key? You can change your locks.

Are you following me....?

And if someone steals your fingerprint data you'll simply cancel all fingerprint enabled security measures and change them to password protected ones. How little imagination some people have to think that you need a new fingerprint if someone steals yours.

 

[hydr]

Indeed a factor and why PIN is not as bad as some think. There are badly chosen PIN's, but your 4 digit bank PIN has 10,000 possible combinations.

Our body has a very limited number of biometric identifiers in comparison. I do not think that this type of verification is safe to rely on, or will be accepted as a single solution at least for the reasons you mention.

My home alarm system requires that I not only enter my PIN, but also requires a key FOB. I may even get a call if I mess things up...

My online banking requires that I have my bank card to physically place into a card reader which generates an 8 digit code for payment verification. Prior to getting to this stage I must know my PIN and at times satisfy a security question.

Do you really think they are going to revert to a single pass verification on the basis of a fingerprint?

You are wrong in every regard in this post. Almost to the extend of laughable. "Our body has a very limited number of biometric identifiers"? Are you serious? There are billions upon billions of biometric identifiers in our bodies. Technology has advanced far than simple fingerprints readers. Please google Authentec and read about how it works before posting stuff like this.

Cheers.

 

[dannyyankou]

This sounds really cool. Hopefully it's adopted in itunes purchases and banking apps.

 

[gumblecosby]

I'm imagining some smart fellows being able to derive fingerprints from the smudge marks on your iDevice based off common use practices ie. what is the mean average for finger/thumb movement

/paranoia

I wonder if Apple will allow more than one set of fingerprints to unlock a device. I would find that useful

 

[iMikeT]

At first I really didn't care much for a fingerprint sensor but now I would welcome the addition, not only to my iOS device but an add-on dongle for my Mac along with other devices. I'm getting to the point where I can't remember half of my passwords because I have so many!

 

[AppleMark]

And if someone steals your fingerprint data you'll simply cancel all fingerprint enabled security measures and change them to password protected ones. How little imagination some people have to think that you need a new fingerprint if someone steals yours.

Then what is the point of spending 'X' amount of money on an infrastructure system, only to revert to the former when it goes wrong?

So facilities will be required to have fingerprint scanner and PIN machines, just in case?

And you accuse me of having little imagination....

 

[AppleMark]

You are wrong in every regard in this post. Almost to the extend of laughable. "Our body has a very limited number of biometric identifiers"? Are you serious? There are billions upon billions of biometric identifiers in our bodies. Technology has advanced far than simple fingerprints readers. Please google Authentec and read about how it works before posting stuff like this.

Cheers.

About my home alarm system and my banking arrangements? How would you know?

I suppose the context of the post was off slightly. However I was referring to the basic practical viable elements of biometric identification.

E.g, Retina, fingerprint, facial and voice recogniition and the like.

Triple Helix Scanner and Semen Swab Reader's and the like were not in my line of contextual thinking at the time.

Cheers.

 

[j.applewood]

I don't think it's paranoia when there are countless examples of security data breaches that usually end 'company x resets all passwords'. And there are also examples of what was supposedly anonymous data being easily associated with specific users after being released or leaked.

I didn't mean I thought Apple might sell my fingerprints, rather that I just trust Apple with my data more than other companies, but there is still a line to be drawn. And will I trust them in 10 years' time? 20 years' time? It's worth thinking about carefully, because you can't put this genie back in the lamp after it's out there.

10 fingers. 9 password reset opportunities.

 

[Liquorpuki]

Queue up the new stories blaming Apple of people getting their fingers cut off for access to their devices when they are stolen. Here come the Hollywood movie scenes...whenever people need some bio access...

I want a retinal scanner

Ever seen Demolition Man?

 

[topper24hours]

WiPro, Amazon ... just searched for jobs in Cupertino


I really don't need a fingerprint reader ... if we need to get one I hope its integrated into the home button to spare me another button.

Did I mentioned I would preferr NFC instead ? For me more usefull.

But hey, whatever put in the 5S I will get and live with.

On the patent they filed it shows a diagram to the right of the home button of a "hidden" below the surface fingerprint sensor that only becomes visible momentarily as it is being used.

----------

Apple should ONLY accept fingerprint technology when there is 100% certainty that it works. There is simply no room for f*ckups when using these kind of technology. The last thing you would like to see on your iPhone screen when using fingerprint technology is the message: "Fingerprint recognized, but payment "dog" not accepted, please try again."

Don't you think it would then default to your actual password (which will clearly still be an option for the small amount of people that are burn victims or simply have issues with the technology)?

----------

I'm still not convinced on the security of fingerprint readers, and I think it's an incredibly bad idea to tie computer security to biometrics of any kind. It isn't like a password or e-mail address that can be changed if it gets out. You get one chance, and then your biometrics are compromised for the rest of your life.

I trust Apple with my data more than I trust most companies, because they have shown to act (relatively) responsibly with it, plus it's not their business model to sell that data. But even Apple would have to do a lot more for to ever consider giving up my biometric data for them to hold as a password replacement. The benefits just aren't worth the risks.

I believe that Apple entered into an agreement with Australian biometric security firm, Microlatch for the specific reason- that they have a protocol that meets the security requirements of all of the world banks and does NOT require an external housing of fingerprints for verification. (that is to say, the comparison is done LOCALLY on the device & Apple would NEVER have your biometric information).

 

[phillipduran]

So now criminals will have to steal your finger as well . . .

 

[tekboi]

Pretty sure it won't happen. But it's a nice thought I guess....

 

[H2SO4]

It doesn't work by optically scanning the finger it uses capacitive sensors which won't work on dead fingers or with prints copied from a glass or anything like that.

That's why he says Hollywood movie scenes.
Hollywood must think we are all idiots.

 

[vpndev]

why Apple ?

Just why is it that Apple is supposed to take the lead ??

Since there are lots more Android phones out there, doesn't it make sense for Google to take the lead?

And don't give me the "fragmentation" thing - that doesn't apply. To be properly secure (whatever that means in the Android ecosystem) - this needs to be built-in. Not added-on.

I think I know the answer (*) but it would be great to hear from Google and the Android phone vendors.

* something to do with phone usage, as opposed to phone ownership. Many Android phones seem to have usage pattern that resemble featurephones.

 

[mikemch16]

What if a phishing scam convinces you to enter in your fingerprint and now they have that data. Couldn't that information now be used to hack all of your accounts. Not to mention you can't change the data of your fingerprint like you can with a password. It seems like you are now forever vulnerable. Any thoughts? Am I mistaken?

 

[phillipduran]

Now _that_ is not an argument against fingerprint readers.

If they take you hostage to use your fingers, they could easily force you to tell a password as well. And if they take you hostage, that password is the least of your worries.

I think the point is, with passwords all they need is the password. With a biometric pass device, they need YOU!

 

[the8thark]

Why bother with a finger print scanner when you can use the camera for a retina scan.

 

[topper24hours]

Call me old fashionioned, but I like passwords much more than biometric identification. If your fingerprint gets stolen, you can't just change it. If your password gets hacked, you can always just change your passwords and be done with it.

And if someone steals your fingerprint data you'll simply cancel all fingerprint enabled security measures and change them to password protected ones. How little imagination some people have to think that you need a new fingerprint if someone steals yours.

I understand the paranoia with a new (and clearly not even vaguely understood by most of the forum users here) technology... so please don't take this snarkily. But, I'm imagining the steps necessary for somebody to steal fingerprint data from your device, when that data is ONLY housed locally AND the security of which has been independently verified as meeting or exceeding security requirements of the major world banks. This isn't like trying to figure out a jailbreak, people...! Imagine if there was only a single point of entry to try to jailbreak & Apple didn't manage that, a 3rd party company of security professionals did. Umm, jailbreaking would become a thing of the past.
Do I believe that there is SOME incredible genius hacker out there that, given enough time and resources could crack even the super, super high-end banking security level encryption on a forthcoming iDevice and possibly (and ONLY if they physically had your device in their possession) then figure a way to extract your fingerprint data to an external machine.. and then they'd have the job of trying to replicate that data, somehow grafting it onto a living finger to trick said device into thinking it is you? Sure. There may even be a small handful of hackers in the world of this caliber. To think that they are going to go through that Herculean level of effort to have the brief ability to check your Facebook posts & possibly order up a few iOS games linked only to your account is bizarre and laughable beyond the "tin foil hat" conspiracy theorist level, and more like the "I belong to the Church of the Flying Spaghetti Monster" kind of insane.
Remember that, even in the extreme "a super-hacker followed me & boosted my phone!" scenario I just outlined, they would easily be foiled no matter what if you noticed your phone was gone and either performed a remote wipe.. or simply changed your password prior to them getting it back to their secret lair to uncover your deep, dark secrets that you clearly house on your iPhone...

 

[Sedrick]

Bring it on!

 

[jrswizzle]

I understand the paranoia with a new (and clearly not even vaguely understood by most of the forum users here) technology... so please don't take this snarkily. But, I'm imagining the steps necessary for somebody to steal fingerprint data from your device, when that data is ONLY housed locally AND the security of which has been independently verified as meeting or exceeding security requirements of the major world banks. This isn't like trying to figure out a jailbreak, people...! Imagine if there was only a single point of entry to try to jailbreak & Apple didn't manage that, a 3rd party company of security professionals did. Umm, jailbreaking would become a thing of the past.
Do I believe that there is SOME incredible genius hacker out there that, given enough time and resources could crack even the super, super high-end banking security level encryption on a forthcoming iDevice and possibly (and ONLY if they physically had your device in their possession) then figure a way to extract your fingerprint data to an external machine.. and then they'd have the job of trying to replicate that data, somehow grafting it onto a living finger to trick said device into thinking it is you? Sure. There may even be a small handful of hackers in the world of this caliber. To think that they are going to go through that Herculean level of effort to have the brief ability to check your Facebook posts & possibly order up a few iOS games linked only to your account is bizarre and laughable beyond the "tin foil hat" conspiracy theorist level, and more like the "I belong to the Church of the Flying Spaghetti Monster" kind of insane.
Remember that, even in the extreme "a super-hacker followed me & boosted my phone!" scenario I just outlined, they would easily be foiled no matter what if you noticed your phone was gone and either performed a remote wipe.. or simply changed your password prior to them getting it back to their secret lair to uncover your deep, dark secrets that you clearly house on your iPhone...

LOL.....bravo.

 

[639051]

No, No, NO! I REALLY don't want some idiot from PayPal directing anything concerning technology. Fingerprint scanners to me are worthless, there are other methods that are FAR better than using a fingerprint as a password, and they work better to.

 

[Sedrick]

I understand the paranoia with a new (and clearly not even vaguely understood by most of the forum users here) technology... so please don't take this snarkily. But, I'm imagining the steps necessary for somebody to steal fingerprint data from your device, when that data is ONLY housed locally AND the security of which has been independently verified as meeting or exceeding security requirements of the major world banks. This isn't like trying to figure out a jailbreak, people...! Imagine if there was only a single point of entry to try to jailbreak & Apple didn't manage that, a 3rd party company of security professionals did. Umm, jailbreaking would become a thing of the past.
Do I believe that there is SOME incredible genius hacker out there that, given enough time and resources could crack even the super, super high-end banking security level encryption on a forthcoming iDevice and possibly (and ONLY if they physically had your device in their possession) then figure a way to extract your fingerprint data to an external machine.. and then they'd have the job of trying to replicate that data, somehow grafting it onto a living finger to trick said device into thinking it is you? Sure. There may even be a small handful of hackers in the world of this caliber. To think that they are going to go through that Herculean level of effort to have the brief ability to check your Facebook posts & possibly order up a few iOS games linked only to your account is bizarre and laughable beyond the "tin foil hat" conspiracy theorist level, and more like the "I belong to the Church of the Flying Spaghetti Monster" kind of insane.
Remember that, even in the extreme "a super-hacker followed me & boosted my phone!" scenario I just outlined, they would easily be foiled no matter what if you noticed your phone was gone and either performed a remote wipe.. or simply changed your password prior to them getting it back to their secret lair to uncover your deep, dark secrets that you clearly house on your iPhone...

The same could pretty much be said for your pin number. Who the hell cares what the average Joe has going on?

 

[639051]

The same could pretty much be said for your pin number. Who the hell cares what the average Joe has going on?

This isn't just about the code to unlock your device. Paypal being involved means they want to use this method for services where your funds are involved. Keep in mind, Paypal IS NOT a bank and is not forced to follow banking guidelines. They have abused this many times in the past.

Just imagine the first few people to have their biometric data stolen, and you now having to PROVE that it wasn't you who extracted the money from your account. Paypal is bad enough already with this, and password theft/account hacking happens frequently enough as it is.