PayPal Executive Looks for Apple to Adopt Fingerprint Sensors, Lead Charge Away From Passwords

[Bubba Satori]

Queue up the new stories blaming Apple of people getting their fingers cut off for access to their devices when they are stolen. Here come the Hollywood movie scenes...whenever people need some bio access...

Queue up bringing stuff up before it's brought up so when stuff is brought up it can,
uh, yeah, uh, you know, uh, like, discredit it ahead of time before it happens.
That's my story and I'm very ambivalent about queueing it up because
I can never seem to remember how to spell queueing. My bad.

That is all. Carry on.

 

[topper24hours]

This isn't just about the code to unlock your device. Paypal being involved means they want to use this method for services where your funds are involved. Keep in mind, Paypal IS NOT a bank and is not forced to follow banking guidelines. They have abused this many times in the past.

Just imagine the first few people to have their biometric data stolen, and you now having to PROVE that it wasn't you who extracted the money from your account. Paypal is bad enough already with this, and password theft/account hacking happens frequently enough as it is.

To be fair, I believe Paypal's connection to be quite ansillary.. It sounds like the only Apple/PayPal connection here is in that the CIO of PayPal (apart from his duties at PayPal) is part of a body called FIDO that is promoting a mobile security standard. He HOPES that Apple supports said standard. This in NO WAY would correlate to "having PayPal on your Apple device". It would be more like saying "you can use your American Express card at Costco.. also you may use it at an Apple store." Clearly, that does not indicate a connection between the two companies other than they both use/accept the same financial instrument (substitute security technology & you have my point in a nutshell).

 

[Davmeister]

You're really grasping at straws to find something negative aren't you?

99% of people will find this useful. I guess Apple should never have released the iPhone as it also requires use of a finger? The humanity!

Read the comment I made in context to the comment I was quoting.

 

[flux73]

If someone steals or hacks a password of yours, you can change it. If someone steals your credit card, you can cancel it. If you have lost a key? You can change your locks.

Are you following me....?

If someone steals your phone, a fingerprint sensor doesn't stop you from being able to cancel your credit card. If someone has the data from one of your fingerprints, you still have 9 others. Or the data from the finger you used can be re-encrypted. Also the security software could allow a sequence of fingerprints that the user determines. Which makes it no different than a password. Wouldn't you agree that fingerprint data is harder to steal than a keystroke?

There are limitless ways in which you could secure data on a phone. NONE of them are 100%. And having a fingerprint sensor isn't mutually exclusive to other forms of security. It just adds another option (or layer). Ultimately, it's up to the user to decide how secure they need it for peace of mind and how much hassle he/she wants to put up with.

Fingerprint security is unquestionably more convenient. But if you really want to argue against it, then you have to present an argument that demonstrates it is unquestionably less secure than other current forms of security. Is it?

 

[Ronlap]

Fingerprint sensors - I'm screwed

No matter what CSI, Law&Order SVU, or other TV shows say, there are thousands of people without fingerprints, or without readable fingerprints. I do have fingerprints - sort of - but they cannot be read. Every time I need to go through a background check, it takes 2 months while my first and second set of prints (Livescan or paper and ink) are rejected by the FBI and I finally get a waiver. Let me tell you how fun it was dealing with the TSA's "trusted traveler" program.

Long story short, when fingerprints are mandated to login to my device or web sites, I'm screwed.

 

[Mactendo]

Also didn't mythbusters prove that fingerprint sensors, even the state of the art ones, can be fooled by a bit of body heat and some silicon gel ?

It's just the next iteration of things. 20 years later we can easily find ourselves in a world where such sensors can be easily fooled by any "cool hacker" and millions of fingerprints are already stolen by some anonymous groups, not to mention Google street cars which were sniffing those fingerprints since day one. So the iPhone 26 in year 2032 will use something like DNA check instead of obsolete fingerprint sensors. )

 

[scapegoat81]

Not only will the "gimmick" fingerprint sensor be used to unlock your phone, it will be used to authenticate your apple ID for purchases and will be a good start to allowing for secure mobile payments and passbook activities.

^This.

 

[Mackan]

Bet it won't work well if you have sweaty hands.

 

[Mactendo]

Call me old fashionioned, but I like passwords much more than biometric identification. If your fingerprint gets stolen, you can't just change it. If your password gets hacked, you can always just change your passwords and be done with it.

If a fingerprint gets stolen then you have at least 9 or even 19 more password replacement options ) When you run out of this limit, Apple will be happy to replace your device for a small fee )

----------

Not only will the "gimmick" fingerprint sensor be used to unlock your phone, it will be used to authenticate your apple ID for purchases and will be a good start to allowing for secure mobile payments and passbook activities.

It also will be a good start for a global FBI collection of world's fingerprints )

 

[flux73]

No matter what CSI, Law&Order SVU, or other TV shows say, there are thousands of people without fingerprints, or without readable fingerprints. I do have fingerprints - sort of - but they cannot be read. Every time I need to go through a background check, it takes 2 months while my first and second set of prints (Livescan or paper and ink) are rejected by the FBI and I finally get a waiver. Let me tell you how fun it was dealing with the TSA's "trusted traveler" program.

Long story short, when fingerprints are mandated to login to my device or web sites, I'm screwed.

Having a fingerprint sensor on the phone does not mean that that will be your ONLY option.

Plus, the VAST majority of people *will* be able to use their fingerprints. Arguing that we shouldn't have fingerprint security because some people don't have fingerprints is like saying we shouldn't use typed passwords because blind paraplegics can't type. That's not a reason to not have it. For people like you, there will be other options.

Name a single security measure that works easily and well for 100% of the population?

----------

If a fingerprint gets stolen then you have at least 9 or even 19 more password replacement options ) When you run out of this limit, Apple will be happy to replace your device for a small fee )

Don't forget you can use a sequence of fingerprints.

----------

Bet it won't work well if you have sweaty hands.

Do you not own a towel? Or pants?



Wow, the level of complaints about the pitfalls of a technology for which the implementation hasn't even been unveiled yet, is rather amazing. You'd think that there is absolutely no benefit to fingerprint security. SMH.

 

[gotluck]

Bet it won't work well if you have sweaty hands.

I have very sweaty hands and the fingerprint sensor on my hp elitebook works well

like sweaty to the point where i wont use an iphone without a case

 

[Abazigal]

One issue I see is that because we still need to access these websites on our computers, we will not make the passwords to difficult to type or remember. So security may still remain an issue.

I view the fingerprint system as more of a convenience than any step up in mobile security.

 

[nia820]

Anyone who has viewed these forums has seen that the really negative crowd here who just views a fingerprint sensor as a gimmick. That they'd rather keep typing in passwords, which can be really annoying at times. They don't want the innovation they're crying for.

Fingerprint sign in is flawed. If you have the slightest cut on your finger it won't register.

At my job we have fingerprint sign and we also were given a password. I usually sign in with my finger. But there are times where I have to enter my password because for whater reason my fingerprint isn't registering.

I can only imagine on a phone being more problematic.

 

[Clocks]

I have very sweaty hands and the fingerprint sensor on my hp elitebook works well

like sweaty to the point where i wont use an iphone without a case

You should get that checked out

 

[gotluck]

You should get that checked out

I'm afraid of the solutions, botox shots or the removal of a gland in my armpit is scary.

 

[MacDav]

Should we have only accepted credit/debit card technology once it was 100% certain? If so, we would still be using checks.

What? Checks are no longer used? I don't use them personally, but I watched someone write one at the checkout yesterday. It took about 20 min. to validate while the line continued to get longer by the minute. So unfortunately they still do take checks.

 

[adildacoolset]

Fingerprint sign in is flawed. If you have the slightest cut on your finger it won't register.

At my job we have fingerprint sign and we also were given a password. I usually sign in with my finger. But there are times where I have to enter my password because for whater reason my fingerprint isn't registering.

I can only imagine on a phone being more problematic.

I can imagine that a rejected fingerprint reading will give the option of a password. If your workplace can figure it out, then why can't Apple?

 

[Rossatron]

I don't think that this new technology would be so "backwards" so that when your finger print is stolen, you are forever compromised and have to revert to using password. What I think will happen, is that you will have a PGP style keys (your print being the private key) and be using your public one to interact with websites. And say your prints were compromised, what's stopping you from disabling the compromised keys, and generate a new set?

Don't forget, that the prints are associated with a particular device, which will authenticate your prints against your private key, which is stored on that device. When your private key is changed, the device won't have the new set.

 

[Hell0W0rld]

Oh man, now I'm really excited about the new iPhone.
goodbye extremely long and complicated passwords

And hello worldwide fingerprint database, NSA and CIA have already filed a formal request for cooperation with Apple.

 

[Nightarchaon]

It's just the next iteration of things. 20 years later we can easily find ourselves in a world where such sensors can be easily fooled by any "cool hacker" and millions of fingerprints are already stolen by some anonymous groups, not to mention Google street cars which were sniffing those fingerprints since day one. So the iPhone 26 in year 2032 will use something like DNA check instead of obsolete fingerprint sensors. )

So the lawgivers the Judges will be using by then will actually be iLawgivers ?

 

[AppleMark]

If someone steals your phone, a fingerprint sensor doesn't stop you from being able to cancel your credit card.

That is not what my post was saying.

Wouldn't you agree that fingerprint data is harder to steal than a keystroke?

No.

Keystroke theft, requires you to allow your device to be infected with software, or that you use an insecure device. Same as ATM's which are defrauded by the use of hidden cameras to film your PIN and then the card traps which steal or duplicate your card details.

Both above examples demonstrate that it is the individual that is more susceptible to fraud, than the current security itself.

You offer that theft of your fingerprint details would be harder.....? Why?

But if you really want to argue against it, then you have to present an argument that demonstrates it is unquestionably less secure than other current forms of security.

As soon as I hear an argument that demonstrates unquestionably in it's favour, I will oblige.

Care to give it a go?

 

[AppleMark]

And hello worldwide fingerprint database, NSA and CIA have already filed a formal request for cooperation with Apple.

I agree and have made similar comment before in other threads. However, not many people seem to [yet] understand the significance to even care.

 

[jameskatt]

Law Enforcement is going to Throw a Fit

When biometric methods are used to encrypt data, then Law Enforcement is going to throw a fit. It will make it much much more difficult to decrypt data files.

If the iPhone is given a fingerprint sensor, then other apps that encrypt the data securely - like 1Password - can use the sensor to ultra secure the data.

There is no back door to apps like 1Password. So data can be stored within it and not on the main apps in the iPhone. This then makes it impossible for third parties to decrypt your data since they won't have your finger.

----------

And hello worldwide fingerprint database, NSA and CIA have already filed a formal request for cooperation with Apple.

You don't have to use your finger. You can use your toes or other parts of the body. You can even use a special stamp that acts like a fingerprint.

 

[waldobushman]

You're really grasping at straws to find something negative aren't you?

99% of people will find this useful. I guess Apple should never have released the iPhone as it also requires use of a finger? The humanity!

It's not negative. It is certainly one of the Use Cases that every vendor will have to have a solution for, in addition to allowing users to authorize others to use, say in an emergency or handing your phone over to wife, because the call is actually to her or your driving, or any other reason.

 

[flux73]

That is not what my post was saying.

You have an incredibly short memory.

If someone steals or hacks a password of yours, you can change it. If someone steals your credit card, you can cancel it. If you have lost a key? You can change your locks.

Are you following me....?

No.

Keystroke theft, requires you to allow your device to be infected with software, or that you use an insecure device. Same as ATM's which are defrauded by the use of hidden cameras to film your PIN and then the card traps which steal or duplicate your card details.

Both above examples demonstrate that it is the individual that is more susceptible to fraud, than the current security itself.

You offer that theft of your fingerprint details would be harder.....? Why?

I was talking about the data itself. A single keystroke is a single data point. A fingerprint consists of many many data points. More data points=greater complexity, just like a longer password is harder to crack. If you're talking about cracking an encryption method, then sure a fingerprint profile can be stolen, but no more easily than a password. But in that case, the problem is not the input method (fingerprint vs password), but the encryption method. IOW, fingerprint security is not any LESS secure than current methods. And since it's not susceptible to a hidden camera or keystroke capture software, I would argue that it's MORE secure.

More to the point, having a fingerprint sensor on the phone doesn't mean you HAVE to use it. There is also PIN locking for the iPhone but I don't use it. I also don't complain about the iPhone having PIN lock capability.

As soon as I hear an argument that demonstrates unquestionably in it's favour, I will oblige.

Care to give it a go?

Um, I already said that it's unquestionably more convenient. Regardless, the impetus isn't on me to prove that it's better. You're the one bitching about fingerprint security. So prove that your complaint has merit.

I haven't seen Apple's implementation so I don't see what there is to criticize. I am interested in the potential benefits, for which you apparently do not see any.

Finally, if you had a solid argument, you wouldn't need to resort to smug retorts and sarcastic usage of smilies.