The iPhone 5s fingerprint reader: what you need to know
By Rich Mogull
So Apple has announced that it’s building
a fingerprint reader into its new flagship smartphone, the
iPhone 5s, calling that technology Touch ID. Here’s what you need to know about it.
How does Apple’s Touch ID fingerprint sensor work?
There are a few different fingerprint-sensor technologies out there, with optical and capacitance readers being the most common.
Optical readers take a picture of your fingerprint with a digital camera. Apple chose a capacitance reader, which is far more interesting.
A capacitance fingerprint reader leverages a handy property of your skin: The outer layer of your skin (your dermis), where your fingerprint is, is non-conductive, while the subdermal layer behind it is conductive. When you touch the iPhone’s fingerprint sensor, it measures the minuscule differences in conductivity caused by the raised parts of your fingerprint, and it uses those measurements to form an image..
Apple embedded this sensor in the Home button, and added a ring to turn it on and help reduce signal errors. I suspect that the ring also adds a little current to your finger to help boost and clean the signal.
It appears to be a great design. Most other portable readers I’ve used in the past were optical, which is easier to fool (sometimes a good photocopy will work), easier to break, and more prone to error (thanks to smudged glass and other factors).
Does my iPhone store my fingerprint?
Apple says no, and here is what I think is going on. Typically, your fingerprint is scanned and run through a mathematical algorithm that creates a fingerprint template. This template is a representation of part of your fingerprint; it isn’t a stored image.
Better yet, most advanced systems run this template through a cryptographic hashing algorithm, as they do for passcodes, and store that result. To add even more security, during hashing it is combined with a unique or random number to make recovery even harder. Since your iPhone already does this with your passcodes (using a special device ID embedded in your hardware), I suspect Apple uses the same process for your fingerprint template.
Every time you scan your fingerprint, the phone runs through the same algorithmic process and the result is compared with the stored hash. Not only is your actual fingerprint not stored, but it’s likely really hard or impossible to recover even if the NSA gets your phone.
I’m assuming a few things here, but they’re educated assumptions based on how Apple manages passcodes today.
Is a fingerprint more secure than a passcode?
Fingerprints are both more and less secure than passcodes. A fingerprint is more secure since it is effectively impossible to guess. It can be less secure since, if someone steals it once, they steal it for life.
It also depends on how the fingerprint is stored. If the template is large (as in longer than any passcode you would ever care to remember), and properly hashed, salted, and stored, it is definitely more secure than a passcode (until a
S.H.I.E.L.D. agent lifts it off your vodka martini glass at that casino in Morocco).
Finally, both passcodes and fingerprints are still forms of single-factor authentication. That means you only need one thing to break into the system. Really secure systems require multiple factors, such as a passcode and a fingerprint.
Does this mean I don’t need iOS passcodes anymore?
No, passcodes are still here to stay. For one thing, you need a way back into your iPhone if you lose a finger (or cut it in the wrong spot) or break the sensor. But, effectively, you won’t need to use your passcode day to day. We’ll have to see how Apple handles alternate recovery options; I suspect you will still use a recovery passcode.
Corporate users may also still be required to use passcodes, and people who might be targets of fingerprint theft (remember, the Department of Defense uses iPhones now) probably don’t want to rely only on passcodes.
What about my iCloud and iTunes Store passwords?
Because you access Apple’s cloud services from multiple systems, not all of which have fingerprint sensors, you will still need passwords for them. However, based on what Apple has said and shown, you can use your fingerprint to authenticate purchases and actions from your iPhone 5s. Odds are that Apple will store your iCloud and iTunes Store passwords in your iPhone keychain, then use your fingerprint to authorize access to them. This is similar to how OS X and iOS have always handled stored passwords. It is also consistent with Apple’s emphasis that your fingerprint never leaves your device, and isn’t stored in the cloud.
Can other apps and services use my fingerprint?
Apple has stated that other apps will be able to use Touch ID, but also that said apps will never access your fingerprint. Again, I think these apps will probably use the iOS Keychain. Apple may also open up the API to allow apps to access the Touch ID sensor itself, or, more likely, to have iOS authenticate you and pass along the result. Finally, many apps and services, such as Twitter, use a standard called
OAuth to allow access without exposing your username and passcode on the device. This won’t change, but perhaps there will be a new API call so such apps can check to see if you unlocked the phone, and it wasn’t merely laying around for someone to access.
Why is this so exciting?
There are two reasons this is so exciting. First, this now means you won’t have to enter your passcode before you can do simple things like texting. As Apple has said, only about half of iPhone users use a passcode at all, and I suspect most of them use a simple four digit PIN. Your fingerprint is a far more secure option, and putting the reader right in the home button makes it more convenient than swiping your phone to unlock it.
It is yet another example of
Apple making security invisible. Over the next few years I think it is safe to say that most iDevices will include a Touch ID sensor, placing strong security into everyone’s hands.
But take this a step further. Although a fingerprint alone isn’t necessarily more secure than a passcode, combining a fingerprint and a security token counts as strong authentication. Some of you already use your iPhone as a security token with your bank or services like Dropbox or Google Authenticator that send one-time codes to the phone registered with your account.
Now all those services could eventually have the option (depending on Apple) of using both your fingerprint and your device to authenticate you. Apple may be placing strong, biometrics-enabled authentication in the hands of masses of consumers. During Apple’s announcement, the company clearly stated that it considers phones to be keys, which indicates it’s heading down the path of making your phone, and your fingerprint, the keys to your digital life.
And perhaps your physical life, too, as door locks, home alarms, payment cards, payment systems like Passbook, and other codes and credentials are stored on your phone and made accessible using everything from WiFi and LTE to short-range Bluetooth protocols. Touch ID could be game-changing in the long run, and I’d expect other phone manufacturers to follow that same path, to the point that unlocking your phone with your fingerprint to access online and real world services will someday seem entirely normal.