According to reports, there will be at least one other smartphone coming out with a fingerprint sensor this year besides the new iPhone. This phone has remained mysterious so far, and nobody really knows which manufacturer is going to make it, although we’ve heard some rumors earlier that it might be a device from HTC, but the HTC One Max could be considered more of a tablet, so I’m not sure if this is what the sources are talking about.
It seems that if Apple launches its new iPhone with a fingerprint scanner today, there will be more companies doing the same thing, soon. But the real question is how secure are fingerprint scanners, and will this be a good thing or a bad one?
First off, the iPhone is definitely not the first phone to have it. In 2011, Atrix 4G had it, too, but it didn’t work very well. I imagine even if Apple’s tech works a lot better, it won’t be perfect, and they’ll have to compromise between verifying the print very thoroughly, and not annoying the user too much with it. My guess is Apple will side with not annoying the user too much, instead of forcing them to put their fingers in there correctly repeatedly. But besides how “secure” this method of authentication is, there are at least a couple of other major concerns with it.
One is that Apple should absolutely not keep a “fingerprint database”. If they need a fingerprint database for this, “they blew it”, as Steve Jobs used to say. After the latest NSA revelations, about how they’re hacking into everything and anything, and with so many other hackers out there waiting to grab a database with tens of millions or hundreds of millions of fingerprints, it’s impossible for Apple to guarantee the security of that fingerprint database. Losing that fingerprint database would be more than catastrophic for the users, which leads me to the second point.
The second problem with fingerprint security is that if someone manages to steal your fingerprint somehow, it’s not like you’ll be able to “change” that fingerprint – unless you want to permanently damage your thumb’s skin so it’s not the same anymore, and have a new fingerprint, or use another finger for authenticating for the rest of your life. Because if you keep the same fingerprint tied to your identify, those people who stole your fingerprint will be able to use it, too. With a credit card, you can at least change it when someone steals it. It’s a lot harder to do that with a fingerprint.
I do believe we need to find other alternatives to passwords, but if fingerprints are the alternative, at the very least they should only be kept on the device, locally (and even that can be hacked). Personally, I like the idea of an NFC ring that can be used to unlock everything that’s in your hand or very close to your hand (and it’s yours), and that might be a better solution for the future.