Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

PayPal Executive Looks for Apple to Adopt Fingerprint Sensors, Lead Charge Away From Passwords

Porco said:
I'm still not convinced on the security of fingerprint readers, and I think it's an incredibly bad idea to tie computer security to biometrics of any kind. It isn't like a password or e-mail address that can be changed if it gets out. You get one chance, and then your biometrics are compromised for the rest of your life.

I trust Apple with my data more than I trust most companies, because they have shown to act (relatively) responsibly with it, plus it's not their business model to sell that data. But even Apple would have to do a lot more for to ever consider giving up my biometric data for them to hold as a password replacement. The benefits just aren't worth the risks.
Click to expand...

Like all data Apple collects, I'd be willing to bet the biometric data would be anonymous. Hence if it were to ever get out, no one would have the slightest clue who's it was unless they had access to some kind of police/federal database of fingerprints/bio data.

And we're talking fingerprints here.....again, what would Apple do with your fingerprints? These companies sell data to advertising agencies to make money.....I doubt any ad companies care what your fingerprints look like.

A little less paranoia ;)
 
Cue all the "You're holding it wrong" comments....

I can't wait for the day when I no longer have to rattle my feeble brain to remember the scads of passwords for everything I do. If companies can somehow tap into either fingerprint or voice recognition to log onto online sites, life will become infinitely simpler. Then we can tell the grandkids, "You don't know how easy you've got it! I remember when I used to have to log in to every site with a different 50 digit password -- uphill, in both directions!"
 
Porco said:
I'm still not convinced on the security of fingerprint readers, and I think it's an incredibly bad idea to tie computer security to biometrics of any kind. It isn't like a password or e-mail address that can be changed if it gets out. You get one chance, and then your biometrics are compromised for the rest of your life.

I trust Apple with my data more than I trust most companies, because they have shown to act (relatively) responsibly with it, plus it's not their business model to sell that data. But even Apple would have to do a lot more for to ever consider giving up my biometric data for them to hold as a password replacement. The benefits just aren't worth the risks.
Click to expand...

I don't see how password + 2factor auth is more secure than fingerprint + 2 factor auth.

They days of single password/ credentials are over IMO. I have 2 factor enabled on everything personally.

You have a point in not being able to change your fingerprint, but there is a lot of convenience there.
 
Porco said:
I'm still not convinced on the security of fingerprint readers, and I think it's an incredibly bad idea to tie computer security to biometrics of any kind.
Click to expand...

Yep, finger print scanners can be easily fooled.

Porco said:
I trust Apple with my data more than I trust most companies, because they have shown to act (relatively) responsibly with it, plus it's not their business model to sell that data. But even Apple would have to do a lot more for to ever consider giving up my biometric data for them to hold as a password replacement. The benefits just aren't worth the risks.
Click to expand...

Really? I don't think so and neither do the EFF. Read this link and then you may want to edit your post....

https://www.eff.org/who-has-your-back-2013
 
Davmeister said:
Can I ask why? I regularly use it to pay for things as well as receive money via eBay etc. Although their fees are high for receiving, I don't really see problems with paying for things?
Click to expand...

Because they money launder, fail to repay money taken "by Accident" and are generally impossible to deal with if you need to get money back off them because they made an error.

Personal experience with them, and 2nd hand experience with them via friends and family has been nothing but shockingly bad,
Ive written off about £700, as the response from paypal was (after a month or so) take us to the small claims court.

Originally they double charged me for an item, so £150 twice, when i contacted them to say they had made a mistake, it took nearly two weeks to get a response, which was an apparently auto generated message that said they had dealt with it.

They dealt with it by taking the £150 AGAIN !!, and another £150 a week later without any correspondence from myself.

Over this time another order i had had been double billed..., i then wasted TWO DAYS of my holiday trying to speak to a person to resolve the issue, when i was told they couldn't do anything, it all looked fine at their end, basically accused me of lying and trying to scam them into giving me money and told me to take them to court.

Its still ongoing as im not sinking more money into chasing them, and small claims court is having no better luck than i did myself, as they hide behind the fact they operate internationally.
 
Last edited:
dragje said:
Apple should ONLY accept fingerprint technology when there is 100% certainty that it works. There is simply no room for f*ckups when using these kind of technology. The last thing you would like to see on your iPhone screen when using fingerprint technology is the message: "Fingerprint recognized, but payment "dog" not accepted, please try again."
Click to expand...

Should we have only accepted credit/debit card technology once it was 100% certain? If so, we would still be using checks.
 
jrswizzle said:
Like all data Apple collects, I'd be willing to bet the biometric data would be anonymous. Hence if it were to ever get out, no one would have the slightest clue who's it was unless they had access to some kind of police/federal database of fingerprints/bio data.

And we're talking fingerprints here.....again, what would Apple do with your fingerprints? These companies sell data to advertising agencies to make money.....I doubt any ad companies care what your fingerprints look like.

A little less paranoia ;)
Click to expand...

I don't think it's paranoia when there are countless examples of security data breaches that usually end 'company x resets all passwords'. And there are also examples of what was supposedly anonymous data being easily associated with specific users after being released or leaked.

I didn't mean I thought Apple might sell my fingerprints, rather that I just trust Apple with my data more than other companies, but there is still a line to be drawn. And will I trust them in 10 years' time? 20 years' time? It's worth thinking about carefully, because you can't put this genie back in the lamp after it's out there.
 
I absolutely LOVE this idea.

The thing that seems almost obvious to me about biometric authentication, as implemented by Apple, is that it will be ubiquitous. Unless finger print scanners on laptops that just let you log in to that local device, we can start to move away from horrible passwords to log in to websites and software– they will be able to authenticate through finger prints, retina scans, facial recognition, voice patterns, or a number of other factors. The website doesn't need to know how you authenticated– nor would it store anything identifiable about your biometric data. It would just know you're authenticated.

This is a great next leap into the future. Everyone in the know is aware that passwords have obvious problems that are never going to go away. Why not have 2-factor authentication with a fingerprint and a local key?

----------
Porco said:
I don't think it's paranoia when there are countless examples of security data breaches that usually end 'company x resets all passwords'. And there are also examples of what was supposedly anonymous data being easily associated with specific users after being released or leaked.

I didn't mean I thought Apple might sell my fingerprints, rather that I just trust Apple with my data more than other companies, but there is still a line to be drawn. And will I trust them in 10 years' time? 20 years' time? It's worth thinking about carefully, because you can't put this genie back in the lamp after it's out there.
Click to expand...

The police department or DMV might already have your finger prints. Anyone can grab your SSN these days. Lots of data is out there allready. This will, to your point, ultimately be an enabling technology. And while I think your concerns are totally valid about data security, there are massive strides we can make with 2-factor authentication and biometrics over all these stored passwords. I'd agree that Apple is as safe a company as any to store your biometrics.
 
Call me old fashionioned, but I like passwords much more than biometric identification. If your fingerprint gets stolen, you can't just change it. If your password gets hacked, you can always just change your passwords and be done with it.
 
My vaio z does that now... It works fine - it recognizes a site and unlocks it by touching the sensor on the mouse pad. I have not typed in a password for about a year now. It is still password based thou, just linked to a fingerprint. I can see it going past that thou.

Work has their own stuff on it also, I can log in to the network with my finger print yet I have no idea what the code is.
 
wiz329 said:
Call me old fashionioned, but I like passwords much more than biometric identification. If your fingerprint gets stolen, you can't just change it. If your password gets hacked, you can always just change your passwords and be done with it.
Click to expand...

I don't see why one couldn't continue using a password, options are good.
 
Porco said:
I'm still not convinced on the security of fingerprint readers, and I think it's an incredibly bad idea to tie computer security to biometrics of any kind. It isn't like a password or e-mail address that can be changed if it gets out. You get one chance, and then your biometrics are compromised for the rest of your life.

I trust Apple with my data more than I trust most companies, because they have shown to act (relatively) responsibly with it, plus it's not their business model to sell that data. But even Apple would have to do a lot more for me to ever consider giving up my biometric data for them to hold as a password replacement. The benefits just aren't worth the risks.
Click to expand...

I agree completely!

When my mom bought a laptop with a fingerprint scanner in it, the first thing I did after taking it out of the box was disabling that feature, so that it would never work again.

A lot of people are going to scan their fingerprints in the name of convenience (because they don't like passwords), not because they want more security (in addition to separate unlinked and manually entered passwords). Most people probably won't use either anyway, because they are less convenient than an always unlocked phone.

I hope Apple makes this a user selectable toggle option with the ability to restrict it like the twitter and Facebook integration.
 
Last edited:
Frobozz said:
The police department or DMV might already have your finger prints. Anyone can grab your SSN these days. Lots of data is out there allready. This will, to your point, ultimately be an enabling technology. And while I think your concerns are totally valid about data security, there are massive strides we can make with 2-factor authentication and biometrics over all these stored passwords. I'd agree that Apple is as safe a company as any to store your biometrics.
Click to expand...

I'm in the UK, and I'm fairly sure my fingerprints are not on record, having never been involved in criminality. Also I don't drive.

I am sure great strides will be made in the future. But if I'm going to go on an ocean cruise, I'd rather travel on the ocean liner long after the 'unsinkable' Titanic has sailed, if you get the metaphor… :p
 
Ryth said:
Then they'll take live fingers..meaning the person...hostage, etc...

Apple will get blamed for something with this...trust me.
Click to expand...

Now _that_ is not an argument against fingerprint readers.

If they take you hostage to use your fingers, they could easily force you to tell a password as well. And if they take you hostage, that password is the least of your worries.

----------
Porco said:
I didn't mean I thought Apple might sell my fingerprints, rather that I just trust Apple with my data more than other companies, but there is still a line to be drawn. And will I trust them in 10 years' time? 20 years' time? It's worth thinking about carefully, because you can't put this genie back in the lamp after it's out there.
Click to expand...

I worry more about what the chances are that my fingerprints are rejected, or someone else's fingerprints are accepted.
 
Nightarchaon said:
Its still ongoing as im not sinking more money into chasing them, and small claims court is having no better luck than i did myself, as they hide behind the fact they operate internationally.
Click to expand...

If they have _any_ office in the UK then they have no chance to escape. Something similar happened to one British bank; they lost in a small claims court (probably couldn't be bothered), refused to pay, until someone turned up with court order and bailiffs at one of their branches. (It was up to the bank manager to pay up or to have furniture and computers removed).

Hotham House, 1 Heron Square, Richmond, Surrey TW9 1EJ
 
It's not like fingerprint protection is amazing either; it's better to have both with a required press on a fingerprint sensor followed by a passcode, pattern or whatever.
 
Porco said:
I'm still not convinced on the security of fingerprint readers, and I think it's an incredibly bad idea to tie computer security to biometrics of any kind. It isn't like a password or e-mail address that can be changed if it gets out. You get one chance, and then your biometrics are compromised for the rest of your life.

I trust Apple with my data more than I trust most companies, because they have shown to act (relatively) responsibly with it, plus it's not their business model to sell that data. But even Apple would have to do a lot more for to ever consider giving up my biometric data for them to hold as a password replacement. The benefits just aren't worth the risks.
Click to expand...

What are you talking about? You'll be able to change it at least 9 more times. 19 more times if you want to count your toes but that could get pretty awkward or just down right embarrassing if you're out in public and want to pay for that vente cappuccino at the local coffee shop.
 
mic j said:
Should we have only accepted credit/debit card technology once it was 100% certain? If so, we would still be using checks.
Click to expand...

Im not saying the procedure should be 100% correct or that the program itself shouldn't crash. I'm talking about that this system shouldn't fail when it comes to rightfully identify the rightful owner, else you'll have to deal with problem you don't want to deal with. It's that simple.
 
gnasher729 said:
I worry more about what the chances are that my fingerprints are rejected, or someone else's fingerprints are accepted.
Click to expand...

Indeed a factor and why PIN is not as bad as some think. There are badly chosen PIN's, but your 4 digit bank PIN has 10,000 possible combinations.

Our body has a very limited number of practical biometric identifiers in comparison, for example retina, fingerprint, facial and voice recognition. I do not think that this type of verification [fingerprint] is safe to rely on, or will be accepted as a single solution at least for the reasons you mention.

My home alarm system requires that I not only enter my PIN, but also requires a key FOB. I may even get a call if I mess things up...

My online banking requires that I have my bank card to physically place into a card reader which generates an 8 digit code for payment verification. Prior to getting to this stage I must know my PIN and at times satisfy a security question.

Do you really think they are going to revert to a single pass verification on the basis of a fingerprint?
 
Last edited:
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back