Since iOS 8 was made available last month, numerous organizations have jumped on the Touch ID fingerprint bandwagon and updated their applications with Touch ID support. I think this is a step in the right direction, as passwords are slowly becoming a thing of the past. Today, passwords are easily hacked by most cybercriminals. Not only are passwords weak protection against breaches, but the sheer volume of passwords people need these days also makes them difficult to remember.
By contrast, local fingerprint biometrics stands to increase security and convenience, as well as drive more application usage. However, biometrics still has a lot of hurdles to overcome before it can be widely deployed. After all, passwords continue to be a popular login option in almost all Touch ID deployments. You therefore have two ways to access your Touch ID account: use the same password door as before, or use the fingerprint door.
An important difference between passwords and Touch ID is that while the former allow customers to log in from any device, the latter is only available on some phones. That being said, I don’t think that Touch ID alone should be considered a replacement for two-factor authentication. 2FA is like two locks on the same door, with the second lock acting as a remote authentication method.
Apple Pay is an example of why Touch ID should not be the only security layer for protecting sensitive data, such as that transmitted via financial transactions. Apple didn’t spend much stage-time explaining the tokenization process of Apple Pay, but it’s that particular feature of Apple Pay which is the real security innovation. It’s seen as one of the most secure and fraud-proof payment mechanisms available. Tokenization removes the actual credit card number and replaces it with a randomly generated number. With this in mind, Apple may have been able to come up with Apple Pay without Touch ID, but it could not have done so without tokenization.
At Easy Solutions, we have incorporated Touch ID into our mobile authentication products to provide additional convenience and security when responding to a push authentication request or unlocking soft token codes. Push authentication verifies our clients’ end-user identities and devices via a push notification sent through a secure communication channel. Touch ID will clearly increase the level of trust in the user’s identity compared to a PIN or, as we have discussed above, any password.
Support for the Android-based Samsung Galaxy S5 is scheduled to go live in the coming months.
By Damien Hugoo, Product Manager, Easy Solutions
Prior to Easy Solutions, Damien held product management roles at FIS, the world’s top provider of banking technology, where he most recently led all aspects of product management for 2 online banking products that served over 600 financial institutions in North Americ
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.