Will fingerprints be the passwords of the future?


Date: 2 October 2013

Broken finger? No iPhone?{{}}

Apple's iPhone 5s has one particularly striking new feature. There's a fingerprint reader built into the phone's home button, which means you can unlock the phone and authorise purchases using your fingerprint instead of having to tap in a code or password.

As with many of Apple's apparent innovations, this has been done before. Motorola's ATRIX handset has a fingerprint scanner and that launched in 2011. The only problem was reviews found it to be unreliable.

Easier than passwords

First impressions of the iPhone's fingerprint scanner, on the other hand, suggest that it works very well. If it proves reliable over time, then the new iPhone could be the first in a wave of products that bring fingerprint recognition to the masses.

At face value, this is A Good Thing. Who hasn't struggled to recall an impossible-to-remember password at some point or other? As we've said before on this very blog, 'passwords are fundamentally broken'.

Are fingerprints secure?

Before we start using fingerprints for everything from mobile phones to internet banking, some experts reckon it would be an idea to think through the implications in a little more detail. After all, your fingerprint is very different to a password because it can't be changed.

Data protection expert Johannes Caspar put it well in a recent article for German newspaper Der Speigel:

"The biometric features of your body, like your fingerprints, cannot be erased or deleted. They stay with you until the end of your life and stay constant — they cannot be changed. One should thus avoid using biometric ID technologies for non-vital or casual everyday uses like turning on a smartphone."

In short, your fingerprint is a one-shot deal. Once it's compromised, that's it.

As if to back up his point, a hacker club already claims it's managed to fool the iPhone's fingerprint reader by taking a photo of a fingerprint and using it to create a fake finger.

But if that's the case, surely it's silly to rely on fingerprints to provide any sort of meaningful protection at all. Using a fingerprint to authorise a bank transfer? Forget it. Controlling building access via fingerprints alone? Probably a no-go.

Then — of course — there are other fringe concerns about relying on fingerprints. The Daily Mail (who else?) warns iPhone thieves might start lopping off people's fingers. And what do you do if you've hurt a finger (pictured)?

Convenience trumps security

Ultimately, the arguments over the stength of fingerprint-based systems are likely to be trumped by the convenience factor. If using your finger to unlock your phone is easier and faster than tapping in a code then people will use it.

It's unlikely fingerprints will ever be used for authentication in more critical circumstances except when combined with something else. This 'two-factor' authentication usually requires something you have (your fingerprint) and something you know (perhaps a password or PIN).

So, get ready: the fingerprint revolution is on the way.

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.