Apple's new Fingerprint Sensor - win_ini
http://rothy.tumblr.com/post/60365940577/apples-new-fingerprint-sensor

======
scrumper
_But on my iphone? 1password has had to integrate it’s own browser on it’s iOS
app that i need to use if I want a simple way to login to all my sites._

Please edit the post, this is just ghastly.

I would love something like this. I hate signing into apps (mobile banking, in
particular, is a pain). It'll end up being up to app developers to integrate
the new fingerprint APIs though, and I bet you my bank still decides that
their stupid username, password, 3 random letters from a 'memorable word'
scheme is more secure.

~~~
win_ini
Sorry - I wrote this up a bit haphazardly and set it to post. Fixed it up a
bit, sorry.

~~~
scrumper
Thanks for fixing. It was a good post otherwise!

------
leephillips
If Apple's hardware implementation is as good as my two year old Motorola
Atrix, their customers will love the fingerprint reader. But I, for one, would
never entrust all my passwords to Apple's closed source software, especially
given their record in the area of software quality control.

~~~
epistasis
I currently do trust a good portion of my passwords to OS X's Keychain app,
because based on my knowledge I'm fine with their record of software QC. What
am I missing?

~~~
leephillips
[http://news.ycombinator.com/item?id=4916627](http://news.ycombinator.com/item?id=4916627)

~~~
epistasis
Thank you for a thorough reply. IMHO, these bugs do not differ in severity or
frequency when compared to other closed source software vendors or to open
source projects.

The iCloud aspect does bother me quite a bit though, particularly when
combined with likely NSA backdoors.

~~~
leephillips
The Finder bug I linked to actually deleted the source file before checking
that it was moved successfully to the destination. The unix "mv" command
predates the Finder by 30 years or so, and gets it right, of course. This is
an elementary, student-level blunder that made it into the Finder, the center
of the user's interaction with the system. A lot of people lost a lot of data
as this bug remained uncorrected for months. There were similar bugs in Mail,
getting IMAP semantics wrong and deleting messages. Anyone who offers an
assessment of Apple's software quality control at least needs to take this
history into account.

I'm sure that there are open source projects out there that are just as bad. I
don't use those. The ones I do use, like mutt, don't contain this level of
blunder. It's not that we should expect software to be free of bugs. It's just
that the nature of these Apple bugs suggests a cavalier attitude to software
quality and a severe lack of testing. Combine this with closed source and a
critical security function, and you have an explosive mixture.

------
tbenst
Almost ten years ago I bought a Logitech keyboard with a fingerprint reader.
People were saying that fingerprint readers would be the end of passwords. The
keyboard came with a nice piece of software that automatically entered
passwords on websites upon a verified fingerprint.

It didn't happen. I would attribute it to two main frustrations: the readers
only worked inconsistently due to particulate build-up, and would occasionally
have false positives. I think false positives are an inherent risk with
fingerprint readers and in any case are not suitable for security as lifting a
fingerprint from someone unwittingly is easy.

See the Mythbusters episode on stealing a thumbprint:
[http://www.youtube.com/watch?v=3Hji3kp_i9k](http://www.youtube.com/watch?v=3Hji3kp_i9k)

~~~
gcr
What's worse: if someone can get to the software fingerprint image stored in
the computer, they can create fake fingers that work in conventional
fingerprint scanners.
[http://youtu.be/K1Sx_BmfZ8I](http://youtu.be/K1Sx_BmfZ8I)

Having a stolen fingerprint is worse than a stolen password. For one, people
tend to trust fingers more; for the other, it's impossible to change your
fingerprint, unlike your password.

I really can't trust these kinds of consumer technologies until their
designers use revocable biometric systems to protect the fingerprint template.
That area of the literature is quite well studied, but everyone seems to
ignore it.

~~~
adolph
Just use a different finger.

You get ten revocations before you have to take off your shoe.

~~~
gcr
Some governments etc. force you to submit to giving fingerprints of all ten
fingers. If an adversary steals just that biometric database, you're done.
That's it. No more fingers to use.

Any civil worker who takes fingerprints isn't going to let you put your foot
on the fingerprint scanner to verify your identity, and the next customers
certainly don't want to touch the device after you've had your way with it.

~~~
adolph
Well sure, great points! Nonetheless, for those not living in dystopia a cell
phone fingerprint login may be handy.

------
draugadrotten
Fingerprints are great as a security token, but they should not replace
passwords completely. Together with a PIN they will be useful.

"Led by Stephanie Schuckers, an associate professor of electrical and computer
engineering at Potsdam, N.Y.-based Clarkson University, the researchers tested
66 Play-Doh copies of real fingerprints of 11 different people. The fake
fingerprints were verified as the real deal 90 percent of the time."

[http://www.informationweek.com/biometric-readers-fooled-with...](http://www.informationweek.com/biometric-readers-fooled-with-fake-finge/175001741)

~~~
Someone
Almost 8 years ago. Fingerprint readers could have improved since then (the
article even points out that they have software in the lab to do so). Anybody
know how good the current crop of HW/SW combinations is?

~~~
gcr
Sure, the high-end fingerprint scanners are reasonably good at this sort of
liveness detection (e.g. by detecting the pulse of blood flow or by inferring
something about the 3D structure of the fingerprint so you can't just hold up
a picture), but the cheap $20 scanners that many businesses use aren't going
to be able to distinguish a real from a fake.

~~~
DannoHung
My girlfriend uses an app that lets her detect her heartrate by putting her
finger in front of her camera while the light on the phone shines. I don't
really see why whatever they're putting into the phone couldn't do something
similar.

~~~
kalleboo
So hold your finger behind a gel with the fake fingerprint.

Mythbusters tested a bunch of fingerprint readers and they could break even a
few of the ones with "life" detection.

------
apaprocki
I think prior to release lots of people will lean towards dreaming about
fingerprint recognition being built into the glass touchscreen, but I do not
think the tech is miniaturized enough yet. I looked into this a while ago and
all I could find were a handful of Polish researchers using ultrasound
technology which required ultrasound guns around the edges of the glass which
reflect the beams off the fingerprint:

[http://www.optel.pl/article/english/article.htm](http://www.optel.pl/article/english/article.htm)

------
grecy
In 1997 I got my first job at the local Safeway.

To sign on and off, I would enter my 6 digit employee number into a pin pad,
then scan my right index finger.

It worked about 99% of the time, and mostly only failed because I worked in
the meat dept. and often my hands would be extremely hot and wet from soap &
hot water, or frozen and numb from handling meat all day. Then I would just
use my left index finger.

It worked great in 1997, I see no reason it can't in 2013.

~~~
justincormack
Not so convinced, sometimes use a Bloomberg finger login and even after they
changed it to the high sensitivity setting I can only manage 50% so I won't go
for any fingerprint solution.

~~~
apaprocki
It also depends which sensor version you have -- my older unit was terrible
after a number of years of constant use but as soon as I upgraded to one of
the newer ones, it was snappy and worked much better.

------
songgao
I don't think it's a good idea to use fingerprint as a way to authenticate.
Fingerprint is not private data. By "private", I mean as private as a private
GPG key. Any fingerprint reader is able to read a fingerprint as long as you
put your finger on it. When there are more fingerprint powered applications,
it's gonna be really easy to steal credentials.

You may use a passphrase. But that would be as secure as using a passphrase
alone.

Fingerprint is the public key. The private key would be your hand + your
physical presence. However, since fingerprint itself is public, you can't rely
on fingerprint to identify physical presence.

Unless, you make fingerprint private enough. For example, permanently attach
something on to your finger. Instead of providing your fingerprint to third-
party application, it generates a key pair based on your fingerprint, and use
these keys for authentication.

------
smackfu
I wonder if Apple's data shows that most people don't use passcode locks?

------
raldu
While fingerprints might work as a proof of identity, they should not be a
replacement for passwords. Identity is who you are, passwords are
authentication, and they are better when kept separate. Besides, I cannot look
at this issue without being paranoid: Apple is one of the companies that
comply with the PRISM program. By putting your fingerprints in their products,
you are just giving away more data for surveillance and creating a security
"issue" rather than a solution. Do we really need this?

~~~
hnriot
but authentication is identity. a password does nothing more than identify you
by something supposedly only you would know.

and yes, we need this. convenience is the antithesis of security, so anything
that builds a bridge for more users is welcome.

~~~
raldu
Identity is something that can be publicly seen. Authentication is a way of
proving that you are "the" person who is supposed to get the access to the
system. When your identity is stolen in a system where identity is equated
with authentication, you are the one who is responsible for the "thief's"
actions. Users can be held responsible for their actions only when identity
and authentication are kept separate. An article that explains this point in
more detail:
[http://technet.microsoft.com/en-us/library/cc512578.aspx](http://technet.microsoft.com/en-us/library/cc512578.aspx)

------
iQuercus
I genuinely wonder if with the increase in fingerprint biometrics we will see
an increase in crimes resulting in missing fingers?

------
kmfrk
The more layers of security, the better. A while back, I expressed delight at
the potential scenario of using NFC as a layer of security using proximity as
a parameter.

I'm sure Apple are aware that storing the "plaintext" equivalent of a
fingerprint would defeat the entire purpose.

~~~
lurkinggrue
I'm using lastpass with Yubikey 2nd Factor.

What's great is there is an NFC Yubikey that I just put close to my phone to
get the phone version of LastPass to auth.

------
adolph
There seems to be a lot of focus on replacement of keylock. The wonderful
thing about the fingerprint reader is that it effectively enables both the
username and password and makes for a much simpler path to supporting multiple
users in future iOS releases/devices.

------
sliverstorm
The thing about biometric security that always makes me uneasy: when your
"password" is compromised, you can't reset your fingerprints.

~~~
gcr
That's exactly why "revocable biometrics" are so important. There are ways of
combining a fingerprint and a password to combine the security of using both
with the revocability of an ordinary password:
[http://www.wjscheirer.com/papers/wjs_icb2009_bipartite.pdf](http://www.wjscheirer.com/papers/wjs_icb2009_bipartite.pdf)

~~~
harlanlewis
Thanks for sharing the PDF. This isn't a subject I know much about but curious
to learn more.

Bipartite biotokens do seem significantly more secure than naked biometrics,
but I'm not sure I understand the benefit if security still boils down to user
passwords, especially if one assumes that any static security component will
eventually be compromised.

Using the password to salt the original biometric improves privacy and
security, but there are a lot of other ways to compromise biometrics - people
look at a lot of cameras and leave a lot of fingerprints, and existing
biometric systems (while improving) are fooled by photocopies.

~~~
gcr
That's true. It all boils down to whether you have more information than the
adversary. By default, you have both a password and a biometric; with the
biotoken strategy, authentication requires both. If you lose your password
(e.g. password database being compromised, doesn't require local access), only
your biometric can protect you. With biotokens, the idea is that if the
biotoken fingerprint database is compromised, the adversary can't get any
useful representation of your fingerprint, even if they have your password.
Sure, as you say, you can lose your fingerprint if your attacker tails you at
the coffee shop to lift it from the glass table or your discarded coffee mug
("local access"). But now the adversary has _all the information_ that you do
-- your password and your biometric -- so you're doomed no matter what.

Boult and Scheirer, the authors of the above paper, gave a great tutorial about
these kinds of privacy/security issues at 2011's International Joint
Conference on Biometrics (IJCB), if you're interested in learning more.
Both happen to be my former advisors too ;)

Tutorial:
[http://www.securics.com/~walter/IJCB2011/](http://www.securics.com/~walter/IJCB2011/)

Slides, "Part I: An Overview of Issues Related to Biometric Privacy and
Security"
[http://www.securics.com/~walter/IJCB2011/IJCB11-tutorial-par...](http://www.securics.com/~walter/IJCB2011/IJCB11-tutorial-part1.pdf)
"Part II: A Survey of Template Protection Technologies"
[http://www.securics.com/~walter/IJCB2011/ijcb-survey-templat...](http://www.securics.com/~walter/IJCB2011/ijcb-survey-templates.pdf)
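As an added illustration of the revocable-template idea gcr describes (not code from the thread, the linked paper, or any vendor): a keyed random projection in the BioHashing style, with constructed feature vectors standing in for real fingerprint minutiae. The password and a per-enrolment salt choose the projection, the stored template keeps only the projection's signs, and re-enrolling under a new salt replaces the old template so a leaked one stops matching.

```python
"""Toy cancelable biometric template (keyed random projection, BioHashing
style). Added as an illustration of revocable biometrics; this is NOT the
bipartite biotoken scheme from the linked paper. Feature vectors below are
constructed random data, not real fingerprint minutiae."""
import hashlib
import random

FEATURE_DIM = 64      # length of the (constructed) biometric feature vector
TEMPLATE_BITS = 64    # length of the stored, revocable bit template
MATCH_THRESHOLD = 16  # largest Hamming distance still accepted as a match


def derive_projection(password: str, salt: bytes) -> list[list[float]]:
    """Password + per-enrolment salt -> deterministic random projection.
    Changing either one gives an unrelated projection, i.e. a revocation."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    rng = random.Random(int.from_bytes(key, "big"))
    return [[rng.gauss(0.0, 1.0) for _ in range(FEATURE_DIM)]
            for _ in range(TEMPLATE_BITS)]


def make_template(features: list[float], password: str, salt: bytes) -> int:
    """Project the features with the keyed matrix and keep only the signs.
    Only this bit string is stored; the raw features never are."""
    bits = 0
    for row in derive_projection(password, salt):
        dot = sum(f * r for f, r in zip(features, row))
        bits = (bits << 1) | (1 if dot > 0.0 else 0)
    return bits


def hamming(a: int, b: int) -> int:
    return bin(a ^ b).count("1")


def verify(stored: int, features: list[float], password: str, salt: bytes) -> bool:
    """A match needs both the password and a live reading of the finger."""
    return hamming(stored, make_template(features, password, salt)) <= MATCH_THRESHOLD


# Constructed sample data: one 'finger', a slightly noisy re-scan of it,
# and a different finger playing the impostor.
_gen = random.Random(2013)
FINGER = [_gen.gauss(0.0, 1.0) for _ in range(FEATURE_DIM)]
FINGER_RESCAN = [f + _gen.gauss(0.0, 0.02) for f in FINGER]
OTHER_FINGER = [_gen.gauss(0.0, 1.0) for _ in range(FEATURE_DIM)]
SALT_V1, SALT_V2 = b"enrolment-1", b"enrolment-2"  # new salt = revoked template
```

The revoked template is what makes the stored record replaceable: with a new salt the old bit string no longer verifies even for the same finger and password.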

------
barista
But but iPhone is not the only device I access many sites from. What if I need
to sign into the website from my PC and need to use firefox or IE for that?

~~~
kschrader
The fingerprint sensor auth will just fill in the form fields with your
username and password. You can sync these over to your desktop machine and use
them like you usually would there.

~~~
Zelphyr
Also, as the post alludes, if they can figure out how to integrate the
fingerprint sensor into the touch screen itself then they could, in theory, do
the same with your touchpad on the Mac. So authenticating on your desktop
would be the same as the phone assuming you were using a Magic Mouse or Magic
Trackpad.

~~~
skyebook
That would be _amazing_, having a password+fingerprint option built into my
laptop.