Touch ID: Better than the Password?

Fingerprint ID, iris scanners, voice recognition…in some ways it’s pretty cool to think that some of the security procedures Tom Cruise fought his way through at CIA Headquarters in Mission: Impossible are now common place in many smartphones and tablets.

On the other hand, just how much more secure are these verification methods than the good old fashioned passcode?

Using body parts to identify yourself to a computer seems to be the way things are heading (hmmm…perhaps I should have phrased that better…).

Just last week Yahoo announced they are working on technology that would allow your smartphone to recognise you by your own ear.

It’s based on the same idea that the Swiss Police have used to identify burglars who go up to window panes and press their ears up against them to listen and check if anyone’s home.

Then again, there have been reports of recognition sensors being vulnerable to hacking attempts. Such as when Samsung’s flagship S5 smartphone model was launched, with much ado about their fingerprint scanners. Only for security researchers from SRLabs to post this video to YouTube about how they were able to fool it:

We’ve always been told how important it is to protect your password. We must make it long and complicated, whilst walking the tightrope of risk that you will forget said complicated password 30 seconds after you’ve generated it.

And we must do that for each of our online accounts of course. My colleague Mike Tudor reckons he’s got over 150 of them. I’m not sure that’s normal, but I would take a punt and say most of us have got over 20 when you count social media, online shopping, and the annual Benedict Cumberbatch fan site subscription.

Microsoft have revealed they are trying to offer alternatives to the password for Windows 10 which is arriving later this summer. With such a major vendor’s backing, will we start to see the use of passwords being eradicated and ID sensors becoming widely adopted?

I decided to conduct a poll with my blog colleagues to see what they thought.

My question was this: How do you feel about passwords/ passcodes being replaced by sensors?

I asked them to choose the option they most agreed with (if they went for E I asked that they verify their choice by telling me their mother’s maiden name and first pet).

A) Yes! Death to the password! Raaa!
B) Cautiously in favour of using sensors – I believe it’s safer/easier than having multiple passwords
C) I don’t like the idea of using sensors – it’s a bit Matrixy…
D) I can’t see passwords being replaced anytime soon, so this is a pointless poll really…
E) Are passwords really that important? Everyone just uses the same one right?

Of the 12 responses I got, the results are pretty interesting, albeit inconclusive…

The winning majority was the ‘death to the password’ option A, with 5 people picking this one. But there was a caveat from Mike:

“I’m an unashamed A, BUT I also agree with D as I don’t think many people share my view. We’ll need something big like Facebook being compromised before people realise how password security affects them.”

There were 2 ‘B’s – Will made the good point that, “Finger prints/retina scans are unique and cannot be forgotten – unless you become a pirate and lose one eye and your right hand….”

There was 1 ‘C’ – Liam stated that he thinks finger print sensors and facial recognition are, “Very flawed. A friend of mine has fingerprint identification on his iPhone which he can unlock in his jeans pocket, and sometimes he even gets his dog to run his paw across the scanner.”

Bruisingly for my ego, 4 people had the cheek to tell me my whole poll was pointless, going for option ‘D’. Emma reckoned that “single sign-on services will be around for a good while yet, despite the push to use more modern tech. Plus I’ve seen Minority Report and I don’t fancy someone cutting my ears off whilst they’re nicking my stuff.”

Donald pointed out that I’d missed option F (the tecchie answer) which is “a hybrid of B and D – the future of passwords is two factor authentication. Passwords can be stolen and so can fingerprints, but a second code/password which only lasts a minute before being replaced is hard to crack (unless you also steal the fob supplying the 2nd code).

A feeling shared by Paul who said, “Two factor authentication is the way forward for business, but for most consumers the idea of ‘pick the method you are most comfortable with’ looks to be the way. Windows 10 (currently in preview) allows picture sign on which I use for tablets, passwords (old school) or a pin code, and you can add Two Factor to this via a mobile text code, which expires after a minute and is single use so ticks all the boxes.”

So, what do you think? Are you happy to continue managing your passwords or do you like the idea of sensor recognition? Or is there a better solution round the corner?