
How Apple and Google will kill the password - ssclafani
http://www.computerworld.com/s/article/9206998/How_Apple_and_Google_will_kill_the_password_
======
myoldryn
Mobile ID isn't anything new. In my home country (Estonia) there is already
fully functioning mobile id system, which works almost with every mobile phone
and is considered as secure as smart-cards.

<http://www.id.ee/public/Mobiil_ID_animation/> <<< This clip shows how it
basically work.

EDIT: <http://www.ria.ee/27525> <<< some more info, if anyone is interested.

------
bpeters
Our phones would become our keys and passwords, and I am assuming they would
be the devices that read our biometric ID and then allow access to other
devices and services.

Only problem, and one preventing this becoming a real solution is the fact
that people lose and forget their phones. If I can't have access to my daily
services and devices without my phone then I am stuck in a worse position than
I was before passwords.

The solution to access and protection shouldn't come from a change in the key,
but a change in the lock.

~~~
ThomPete
Your phone is the one accessory you are most likely to be aware of.

~~~
spooneybarger
I know many people who go through 2-4 phones a year. They always lose it at
least once a year. Sometimes as often as every 3-4 months.

On the same kind of note... the keys to my apartment are the most important
thing I need to grab before I leave. Yet, once every 6 weeks I leave w/o them.
Any system has to recongize that the keys will be lost and make them fairly
easy to replace.

------
blahedo
My phone is both easier to steal and harder and more expensive to replace than
my passwords. Marvelous.

~~~
naner
So is your credit card. At least your phone can be locked.

~~~
Groxx
With a 4 character password, which won't keep out anyone with a bit of free
time. And remote-locking solutions are non-solutions for anyone determined and
intelligent - just stick it in a Faraday cage.

~~~
g_lined
I don't think much to the idea in the article, however I think it's worth
pointing out that iOS can be locked with a password instead of a PIN.
<http://www.apple.com/support/iphone/enterprise/>
[http://www.9to5mac.com/14318/Alpha-numeric-Passcode-on-
your-...](http://www.9to5mac.com/14318/Alpha-numeric-Passcode-on-your-iPhone-
and-iPod-touch) <http://wn.com/Alpha-numeric_passcode_for_iPhone> [video]

~~~
Groxx
I haven't heard of that one before, actually. That's interesting... and way
way _way_ more complicated than it should be to set up a better password.

Many thanks for the links, I'll certainly aim to do something like that if I
ever get an iThing. Know if it encrypts the contents of your phone too, or if
they do this by default? Otherwise, I'd think you could just dump the flash
memory.

~~~
daniel02216
I think the 3GS and 4G encrypt in hardware. Also, you can set your phone to
drop the key to wipe the phone if someone inputs the wrong PIN/password 10
times in a row. You don't have to worry about someone brute forcing it.

------
kia
Single page:

[http://www.computerworld.com/s/article/print/9206998/How_App...](http://www.computerworld.com/s/article/print/9206998/How_Apple_and_Google_will_kill_the_password_?taxonomyName=Mobile+and+Wireless&taxonomyId=15)

------
brudgers
Both visions require the surrender of vast amounts of personal data to private
companies and allowing private companies control of web access and fund
transfers. It is easy to see Apple denying your local adult emporium the use
of its system for purchases and it is even easier to see Google ID's used to
tailor search results in line with Google's commercial interests (since that
already happens).

~~~
CoffeeDregs
Two notes:

1) The article spoke mostly about the phone being used for authentication.
This doesn't necessarily mean that the authentication system has vast amounts
of PII.

2) If the authentication system does become the repository for vast amounts of
personal data, then the concern is really for consolidation. You've already
surrendered vast amounts of data to Visa, Amazon, Google, Apple, NetFlix, etc.
Seems you're worried about it being consolidated.

~~~
brudgers
The ability to link an individual's financial data and purchasing history
directly to their a complete history of their internet use would appear to be
the one ring to rule them all in terms of advertising and data mining.

I agree there is nothing that necessitates a phone based authentication system
requiring vast amounts of PII. However, there are strong incentives toward
collecting it and both companies have a history of doing so whenever possible.

------
guptaneil
Life is just full of coincidences. I was just discussing how my iPhone should
be able to replace my passwords last night, and wrote a blog post about my
ideal car that is controlled by my phone.

My only concern in both of these cases though is what happens when my phone
runs out of battery? Nobody seems to have an answer for that.

------
martyhu
The problem I see with this isn't having to carry your phone around everywhere
- its the biometric system itself.

Biometric systems are much less usable than passwords. Users often fail them
by doing things like putting their fingers in the wrong place on the sensor or
by not looking directly into the camera.

I think probably that users will need to be somewhat trained in order for this
to work well. Probably the hackers will train themselves too.

Stealing fingerprints from someone at a bar? Not so farfetched.

------
dangero
More likely scenario in the next 10 years would be making purchases with your
phone by entering a password or pin on the screen of your phone to confirm.

The Biometric portion is a little bit sensationalist at this point because the
less invasive Biometric techniques are not accurate enough to verify with 100%
accuracy that you have your phone in your pocket. If I have to take a photo of
my eye to complete the purchase using my phone, I think I'd rather enter a
password.

I think the easiest way around the biometric thing is to put an NFC chip under
the skin to handle a public/private key exchange. This is the best way to
verify your identity because even a DNA test would not prove that you are
present in any way.

~~~
il
The reason ATMs don't have fingerprint readers is that thieves would cut off
fingers. A chip under the skin would lead to similar unpleasantness.

~~~
hrktb
They do in some countries. The problem seems to be the upgrade of your ATMs
all over the country and all third party ATMs to add a biometric reader too.

------
Groxx
Meh. We were told the same thing about voice recognition, RFID, and computers
in general. I'll a) believe it when I see it, and b) still want more control
over things like this, which will likely require a password in some form.

------
alanfalcon
That'll be great until you drop your phone in a river or the battery dies.

------
jefe78
This is old news. I've been doing this for years with my phone's blue-tooth +
proximity detection.

------
j15e
MasterCard paypass does a great job so far for paying fast

~~~
beoba
To avoid someone making a 'contactless swipe' of my credit card information, I
drilled the chip out of my card:

[http://consumerist.com/2007/08/how-to-de-rfid-your-credit-
ca...](http://consumerist.com/2007/08/how-to-de-rfid-your-credit-card.html)

------
xorglorb
And in 4 years, you will see this title instead:

Mobile phone theft rose 1200% in 2014, is the password the way of the future?

------
contextfree
I've heard this sort of thing has already existed in Japan for some time?

