Earlier in the year, I highlighted the importance of using unique, complex passwords for securing our online identities.
This is especially true for mobile devices. Many of us today use our phones for the bulk of our online activities. This is very convenient, of course. But it does mean that our online life lies behind a single password. Once we unlock our phone, we have access to everything else - e-mail, Facebook, Twitter and more. And so does anyone who steals it, or picks it up where we left it.
So if we don't protect it properly, then from a security perspective our phone becomes a single point of failure.
Unfortunately, many people leave their phones unprotected altogether. Those of us who do protect them often rely on a four-digit PIN. Few of us use a complex passcode that matches the criteria outlined in my earlier post.
So what about the fingerprint scanner included in the iPhone 5S; will this bring enhanced security to Apple customers?
Fingerprint scanners aren't new. A number of laptops have offered this as a form of log-in for some time now, but it hasn't really caught on as a way of replacing passwords. Apple's adoption of this technology might change this - and not just because they have a lot of customers. The key factor, in my view, is that Apple isn't requiring any change in behaviour in order to use the new Touch ID technology. Users have to press the 'Home' button anyway to access the device. The only difference with the iPhone 5S is that, when we do, it reads the fingerprint instead of us having to type a passcode - requiring no additional time or effort. So Touch ID may well have the effect of increasing the level of security for most people using an iPhone.
There's a flip-side to this though. If my passcode becomes compromised, I can simply replace it with a new one - hopefully one that's more secure. But I can't change my fingerprint - it's part of what I am and so I'm stuck with it. So if someone is able to fool a fingerprint reader by spoofing the fingerprint (the Chaos Computer Club has indicated that it bypassed the security using a fingerprint read from a glass surface), I can't just find a new fingerprint. If the Chaos Computer Club has indeed found an easy way to circumvent the Touch ID technology, then it would suggest that Apple's 'highly secure' implementation may not be secure enough. Because of the nature of fingerprints, we effectively leave our 'passcode' everywhere we go. So unless a fingerprint reader is able to fully distinguish between a real finger and a fake one, a fingerprint scan may turn out to be a poor substitute for a password.