Fingerprint Scanner...WTF is it for?

[Zerilos]

It builds a database of biometric information for hackers to exploit. Unlike a password, a fingerprint can't be changed. So in a few years, good luck convincing your bank that it wasn't really you who emptied your account.

Your fingerprints cannot be changed; however the finger you use to identify yourself can. AuthenTec's fingerprint scanner does require that the exact finger be used for authentication, so you could technically change your fingerprint for these purposes. The data is also highly encrypted. My suspicion is that Apple will also limit the amount of money that can be spent each day via what I assume will be Passbook, or they will allow us to set a limit. Also, your fingerprint would never be wirelessly transferred (nor would that be possible on iOS), rather your phone would transmit a confirmation of a successful scan during a transaction. Anyone attempting to hack your phone to sent false confirmations would need to physically acquire your phone and probably physically remove the flash drive(s) and then decrypt the info. By that time you would have already contacted Apple and restored the phone via Find My iPhone.

Ultimately I suspect the benefits far out weigh the risks.

 

[entatlrg]

People get all worked up because they think something will be amazing:

"NFC?!?!? Now I don't have to swipe my card!"
[forgetting the terrible security they generally have and the ability to grab CC numbers in transmission]

"Siri!?!? Now I don't have to type!"
[Instead I'll ask siri repeatedly if it's hot and why it won't have sex with me]

"Fingerprint scanner?!?!?! Now I won't have to type a code anymore!"
[questionable if this is really more secure, especially given how easy it is to lift prints off of any electronic device]

But will really no no practical use on a phone.

LOL, I use Siri 7 days a week, love it. Saves me ton's of time.

Fingerprint scanner sounds great, bring it on!

 

[omgwut]

How sweet would it be if the fingerprint sensor worked with your password keychain so you could just press your thumb to the phone for everything?

 

[Gutwrench]

I hope my company will accept this type of security authentication, if so...

I hope they'll relax the requirement forcing me to change my authentication every four weeks, but if not...

I hope they'll loosen the setting that prevents me from using the same authentication within 18 months or I'll be resorting to using my toes to unlock it.

 

[mcdspncr]

Your fingerprints cannot be changed; however the finger you use to identify yourself can. AuthenTec's fingerprint scanner does require that the exact finger be used for authentication, so you could technically change your fingerprint for these purposes. The data is also highly encrypted. My suspicion is that Apple will also limit the amount of money that can be spent each day via what I assume will be Passbook, or they will allow us to set a limit. Also, your fingerprint would never be wirelessly transferred (nor would that be possible on iOS), rather your phone would transmit a confirmation of a successful scan during a transaction. Anyone attempting to hack your phone to sent false confirmations would need to physically acquire your phone and probably physically remove the flash drive(s) and then decrypt the info. By that time you would have already contacted Apple and restored the phone via Find My iPhone.

Ultimately I suspect the benefits far out weigh the risks.

You might be right that the fingerprint isn't wirelessly transmitted each time you unlock your phone or pay for something, and if this is the case then I'm sure with daily limits and other restrictions the payment aspect of this technology would be fairly safe. However, if there is a database of fingerprints stored somewhere, the ramifications could be huge. Based on how Siri is always talking to the servers, and how iOS7 will have a synchronized iCloud database of keychain passwords, its too early to say if fingerprints will stored be purely locally, or if Apple/a third party will store them on a server. Should these fingerprints ever fall into the wrong hands, innocent customers could hypothetically be subject to all new types of identity theft, or perhaps even be framed by particularly malicious criminals. Furthermore, as to my understanding the US government can only collect fingerprints of convicted felons and a few other groups of people such as those traveling across the boarder. But it seems pretty likely that NSA/PRISM would deem any online database of fingerprints as "vital to national security" (in a secret court of course), which would be a further invasion of privacy for both Americans and anyone else around the world with an iPhone. Provided fingerprints are only ever stored locally, then the scanner would be great. But the security concerns with storing fingerprints online should certainly be taken into consideration. There's a reason we don't use our social security numbers for email passwords. And fingerprints are much more permanent, regardless of which finger you set as the key.

 

[Dulcimer]

Hmm... What will stop someone from unlocking your phone as you sleep? With iCloud password sync, an intruder could cause some problems. How would they solve that...? Maybe it won't be used for unlocking the device after all?

 

[ogremoustro]

Maybe so, but encryption can be broken and often is. No matter where it's stored -- at Apple, at a third party, on the device or some combination -- it's vulnerable to one extent or another.

It is vulnerable and possible but it probably would be very difficult to break the encryption. Breaking the iMessage encryption is VERY hard to do.

 

[3rd Rock]

Hmm... What will stop someone from unlocking your phone as you sleep? With iCloud password sync, an intruder could cause some problems. How would they solve that...? Maybe it won't be used for unlocking the device after all?

Goodness sakes. Here we go again. Taking your finger to open the phone while you are sleeping remark. Goes with cutting ones finger off to do the same thing. All these individuals that posts these ridicules dooms day remarks need to get real for once.

 

[Dulcimer]

Goodness sakes. Here we go again. Taking your finger to open the phone while you are sleeping remark. Goes with cutting ones finger off to do the same thing. All these individuals that posts these ridicules dooms day remarks need to get real for once.

Except that cutting someone's finger is much more serious and less likely to happen. Also, the biometrics wouldn't detect a dead, cut-off finger. I'm just curious about the sleep situation since I see that as a concern.

 

[Shuri]

Except that cutting someone's finger is much more serious and less likely to happen. Also, the biometrics wouldn't detect a dead, cut-off finger. I'm just curious about the sleep situation since I see that as a concern.

The phone is going to make a very, VERY loud BEEP, so if someone around is asleep he's going to wake up for sure.

I'd love to see a fingerprint sensor on my phone, but I'm on a two year contract with my iphone 5. Then again I can let people test this a whole year for me

I'm really looking forward to see how Apple implemented these (I'm assuming that the fingerprint scanner is a sure thing, cause of the code we've seen lately in Beta). I want my phone to be secure, but typing in a passcode every time is grinding my gears. (I have passcode turned on though) If it works seamless it'll be a great feature.

The other thing is, if this leads to a capacitive home button or at least a mixed one, as I also like to see that on the iPhone.

 

[PRSGuitarist]

First, what you see on PCs is a crap version of a fingerprint scanner. The tech Apple bought, on paper, is actually quite robust.

Yeah, my work PC has one that I've never been able to get working.

 

[makotoisle]

Hmm... What will stop someone from unlocking your phone as you sleep? With iCloud password sync, an intruder could cause some problems. How would they solve that...? Maybe it won't be used for unlocking the device after all?

I'll be honest, I envy anyone that can sleep through someone fussing with their hands long enough to use their fingerprint to unlock something!

 

[NewbieCanada]

You might be right that the fingerprint isn't wirelessly transmitted each time you unlock your phone or pay for something, and if this is the case then I'm sure with daily limits and other restrictions the payment aspect of this technology would be fairly safe.

Since you have to be able to unlock your phone regardless of whether or not you have a cellular or wifi connection, the fingerprint can ONLY be stored locally.

Even if we lived in a magical world where there's always a signal, having remote authentication of the fingerprint would cost Apple money and serve absolutely no purpose whatsoever - not for Apple, not for the customer.

 

[mcdspncr]

Since you have to be able to unlock your phone regardless of whether or not you have a cellular or wifi connection, the fingerprint can ONLY be stored locally.

That's what I figured too, but iOS7 has a cloud based keychain, Siri needs a connection, and if Apple ever adds fingerprint scanners to other product lines it's very conceivable that they would add biometric information to your iTunes account info. Oh, and believe me - I know all to well about poor signals and lack of connection. I used to live in Canada

 

[3rd Rock]

Except that cutting someone's finger is much more serious and less likely to happen. Also, the biometrics wouldn't detect a dead, cut-off finger. I'm just curious about the sleep situation since I see that as a concern.

Where is the concern ? For one, why would anyone would want to take your finger while your sleeping to get into a phone ? Its a darn phone for goodness sakes, not national security. If its your spouse, that is another story, but a stranger, a friend, than why, just why ? Makes no sense. Stealing a phone, yes, but to get into it while sleeping ? Someone going to sneak into your home/apartment ? For a phone ? No way

 

[atteligibility]

improved user experience:
- unlocking phone with fingerprint rather than PIN/passcode is much faster and user friendly
- some users do a lot of app downloading and/or in app purchasing, not having to reenter the password every single time would be nice

better security:
- because it's such a pain to enter a complex password 20 times a day, people end up using 4 digits pin to unlock their phone instead of a secure password. fingerprint is at least as good as a secure password
- same for apple account, every time you download an app, if you need to enter a password like 'u2h53Jk!;' it's just annoying
- also since those passwords need to be used pretty often, they need to be remembered. As a consequence, we tend to use simple passwords and not change them often.

New features:
- since the phone is a connected device, the scanner becomes potentially useful not only for the phone itself, but could become a scanner to any connected device or service
- Imagine this: with an iBeacon in your car or your home door, as you get closer to it, the lock knows you're in close proximity, you're then prompted to scan your fingerprint to unlock the door
- endless possibilities

 

[Ay_Zimmy]

Do you really type a passcode 25x/day? I only have to if I download a new app that requires login, which is maybe once a week or month. Everything is logged in automatically due to cookies. I understand that you may be different but 25x seems excessive.

Most people I know who use iPhones stick to their tried and true apps and maybe jump on the latest ones like Snapchat or Tinder once every few months. Seems like a solution to a problem that doesn't exist for the majority of users.

What about instead of a pass code on your phone you just use your fingerprint? Then you will be using it constantly.

 

[johnseattle]

LOL, I use Siri 7 days a week, love it. Saves me ton's of time.

Fingerprint scanner sounds great, bring it on!

I use siri 10 times a day and it works about 2 times.

 

[Tomacorno]

People get all worked up because they think something will be amazing:

"NFC?!?!? Now I don't have to swipe my card!"
[forgetting the terrible security they generally have and the ability to grab CC numbers in transmission]

"Siri!?!? Now I don't have to type!"
[Instead I'll ask siri repeatedly if it's hot and why it won't have sex with me]

"Fingerprint scanner?!?!?! Now I won't have to type a code anymore!"
[questionable if this is really more secure, especially given how easy it is to lift prints off of any electronic device]

But will really no no practical use on a phone.

Ha ha! Siri won't have sex with you? Loser!

On a slightly more serious note, I assume the sensor will be unobtrusive for those of us who don't think they will use it much and don't want it uglying up their phone.

 

[CoMoMacUser]

your fingerprint would never be wirelessly transferred (nor would that be possible on iOS), rather your phone would transmit a confirmation of a successful scan during a transaction.

Which means the phone stores a copy of your fingerprint so it can make the comparison, right? If so, then someone could steal the phone and get that information. Doing that in a Faraday cage blocks the ability to do a remote lock and wipe.

The bottom line is that hackers will look for opportunities to exploit, and they have a history of finding ones that make vendors facepalm and say, "Why didn't we think of that?"

 

[Hankster]

The biggest positive for me if there was a finger scanner is that I would be able to unlock my phone while driving. This way I would not have to look down at all. Then I could activate Siri and read my texts, etc.

I hate looking down to unlock my phone while driving. If scanning can remove this it'd be a huge change for the positive.

 

[cynics]

The biggest positive for me if there was a finger scanner is that I would be able to unlock my phone while driving. This way I would not have to look down at all. Then I could activate Siri and read my texts, etc.

I hate looking down to unlock my phone while driving. If scanning can remove this it'd be a huge change for the positive.

I have Siri set to work while my phone is locked. Its good at maintain security while allowing you to do things that you'd do while driving (read/reply text, make a phone call).

Might want to try it may make your trips a bit safer.

 

[Xplicit iPhone]

Yep, but if there's one thing you can guarantee, it's that if Apple put something into their hardware they're not going to do it half-assed. They'll only do it if it's perfected.

Yeah cause apple maps was perfect

 

[Zerilos]

Which means the phone stores a copy of your fingerprint so it can make the comparison, right? If so, then someone could steal the phone and get that information. Doing that in a Faraday cage blocks the ability to do a remote lock and wipe.

The bottom line is that hackers will look for opportunities to exploit, and they have a history of finding ones that make vendors facepalm and say, "Why didn't we think of that?"

Assuming that it would even be possible to hack the phone without the necessary fingerprint and then decrypt the fingerprint data in order to then use it to authorize purchases via Passbook, this would none-the-less require a fair amount of time and effort. Enough time, I would imagine, to allow the owner of the phone to contact Apple and temporarily disable the iTunes account that would be used for these purchases. The fingerprint feature adds another barrier to entry that thieves would need to defeat before they could exploit your stolen phone and is certainly better than any alternative available currently (and better than nothing) if you wish to use your phone to conduct local financial transactions. Again, Apple will also likely offer or require daily spending limits to further protect owners from being at too great a risk of financial loss. Keep in mind that iOS 7 comes with new security features that appear to be effective at preventing the selling of stolen iPhones as well.
Ultimately, the numerous hurdles phone thieves would have to leap in order to steal and sell your phone would make the endeavor a waste of time and not worth the risk of incarcerations.

 

[CoMoMacUser]

Assuming that it would even be possible to hack the phone without the necessary fingerprint and then decrypt the fingerprint data in order to then use it to authorize purchases via Passbook, this would none-the-less require a fair amount of time and effort. Enough time, I would imagine, to allow the owner of the phone to contact Apple and temporarily disable the iTunes account that would be used for these purchases. Again, Apple will also likely offer or require daily spending limits to further protect owners from being at too great a risk of financial loss.

iTunes purchases are one thing. Where things get really scary -- and costly -- is if someone uses that fingerprint to access accounts outside of the Apple ecosystem, such as bank accounts.