1. Digital authentication for purchasing is moving towards non-transferable biometrics (I can't divulge my thumbprint like I can my PIN)
2. Goods of all kinds are being delivered faster
The scary thing for me is that thieves love goods delivered quickly, so they can turn them quickly, and cut down on their ability to get intercepted.
So what does the 'mugging' or identity theft of tomorrow look like? Am I taken at my doorstep and forced to make purchases from my phone with my thumb, while a drone arrives 10 minutes later with 10 iPads OR do I have my phone stolen and thumb lopped off with tree clippers so the fraudster has more time? What happens as retinal scanning becomes more common? What if it is my blood that unlocks my finances & credit?
edit: I've heard thumbs are available for purchase
Necessity is truly the mother of innovation.
It's an interesting topic as we've seen in recent news coverage that authorities can compel the accused to provide a thumbprint to give investigators access. While this may be in accordance with something like password authentication, I'm still concerned about the ramifications. For example, what if authorities compel accused individuals to store their thumbprint rather than use it directly? Is that possible? And how will it be protected?
Yes you can. In fact, it's a lot easier for you to do so involuntarily.
EDIT: And, it should be noted, once it has been "divulged" or otherwise compromised, it's a lot more painful to change your thumbprint than a PIN or other non-biometric password.
Truthfully, lots of different scannable areas will unlock a phone. I've successfully and reliably configured my toes, the knuckles on my hands, and the tip of my nose. All of them work pretty well.
Unless observed using biometric security in a specific manner, an adversary might have a hard time deducing what kind of print will provide access.
Even if they've determined that the phone contains biometric scans tied to security, how would they know it's yours, and not someone else's, or even a specially printed 3D key ring fob or something?
Then again, criminals don't always think deeply about such details during a crime. They might just chop off both hands, grab the phone, and figure out the rest on the run.
For me, with the banking apps on my phone for example, I use my fingerprint to get into my phone and then manually type in the password. Seems like the best combo to me for mobile security. (Not that I'm worried about it, I'm just security minded.)
Also before this technology, people kept credit cards in their wallet, which suffered the same fate from house hooligans. And before credit, people did keep $250 in their wallet.
I guess the credit card part is true; around here most people have debit cards with PINs, and which can't be used remotely, so it's unlikely a six-year-old could use it without their parent's consent. Then again, around here those parents would have the legal right to return all those purchases.
What's up with that? Isn't there a law that limits liability for unauthorized purchases to $50? (And don't most banks and credit cards just make it $0?)
http://www.reuters.com/article/us-apps-kids-idUSBREA2U0M9201...
As for the question of liability, there's usually a proviso for taking legal/criminal action against the perpetrator. Even if the parent wanted to take action against their child, being below the age of criminal responsibility, the parents may be legally responsible in any case.
The lock in your bathroom isn't meant to secure the bathroom. It's just a way to ensure that people get the message, "please don't enter".
A fingerprint on a phone is a way of saying the same thing. This phone isn't meant for common use, please don't enter.
A username is an identity. Historically due to the difficulty of verifying identities online, we have used passwords as a way to do so. And when all we need to do is verify an identity or control basic access levels (the bathroom lock!), a fingerprint is absolutely good enough. But a password is more authorization than authentication: requiring a password is appropriate when you need a conscious decision, not mere identification. Such as for paying for Pokémon toys.
So essentially what I'm saying is that I agree with you.
I deal with this in my industry (telecommunications). Just because you've provided proof of identity (e.g. your phone number, account number), there are still things you're not allowed to do until you've authenticated your right to perform an action. This is accomplished through a password, a PIN, etc. Something in addition to identity that indicates intent and authority.
On a phone, it's an interesting shift because with a PIN, we essentially bypassed the need for identity and used only a password; regardless of who you are, you can get in if you have the right key.
With the move to identity being sufficient to unlock a device, we're saying that just on the basis of identity, the authority that used to come with authentication (sans identity) can be granted. It's a 180 degree turn.
I don't see a way on my iPhone 6s to require both Touch ID and PIN; it's one or the other. Very few interactions require both, i.e. after a restart it requires the PIN before Touch ID will work.
A laser cutter I used to work with had two switches, one of which was a safety switch (like [1]) to prevent accidental activation. The goal here isn't security. It's a design decision to prevent accidents. It's almost a kind of intentional inconvenience.
[1] Safety switch with cap prevent accidental switching: http://acuteelectrical.com.au/safety-switch/
It feels like there's a bit of a spectrum, though. The lock on a house's door won't prevent a determined criminal, but it sends a very strong signal and is inconvenient to break.
Perhaps we should think of there as being multiple dimensions to locks, such as security, signaling, effort to circumvent, and convenience? (Perhaps also conscientiousness in disabling, in relation to @saosebastiao's point.)
If someone wants into YOUR phone, they'll get it. If someone wants into A phone, a thumbprint may be plenty.
Or she made it up.....
I have a small child that's been coming up to me with my phone and trying to nonchalantly guide my finger to unlock it since she was 4. She's never done it in my sleep (that I know of), but I don't for a second doubt she'd be able to do it if she was motivated to.
I remember loving the TV as a kid but recall that somehow, magically, my parents kept me off it outside TV hours without use of a password. I need to figure out that secret before it's too late!
My parents were worried because I spent too much time reading, I've known people whose parents were worried because they spent too much time with music, or painting, or with friends, or playing football, or swimming, etc...
Children find things they like and explore them. Yes, as a parent your job is to get them to try a wider range of things and open them up to other stuff, but it's not 'screens' that are suddenly a new danger.
TL;DR - If kids can't see it, it doesn't exist.
It really does encourage you as a parent to have discipline with not only their screen time but your own as well.
(Similarly for the DailyWTF stories that people often claim can't be real. Well, even if the story you're looking at is made up, it's still happened a dozen times in the last week. Count yourself lucky that you can react in disbelief to these sorts of stories.)
(As an aside... who the hell decided that autoplay video/audio was legit?! Yeah, I'm an old guy... and once upon a time that sort of thing was avoided... but really.)
I don't entirely disagree but really, in the context of a fairly trivial matter for anyone who isn't the person in question, what's the difference?
For example, I found a 20 euro bill on the ground at the ATM the other day. It makes no difference to you whether that's true - it only makes a difference to me and the person that lost the bill. At best it serves as a cautionary tale to those that don't pay attention to their money at the ATM.
If the story is plausible (that is, possible and not unlikely) and isn't particularly exceptional (such as, "click here to find out about Obama's secret slave trading circle"), what's the difference?
That is, what is the concrete difference, to you and anyone commenting here, whether that child really did that or not? It's not unlikely enough that it would not occur. And we've seen a lot of very real stories about children stealing credit cards to spend hundreds or thousands on mobile games. And if you don't believe those either I can give you a personal account: When I was a kid I repeatedly broke the parental phone lock to call expensive numbers on the TV.
This is an iteration of the same thing.
(Autoplay is the scourge of the internet and sites that autoplay audio or video should be treated the same as, say, sites that use the blink tag)
At least <blink> didn't cause my browser to spontaneously start making noises.
It was? I remember websites showing off their ability to make your browser automatically play background music as early as the late 90's / early 00's.