With yesterday’s announcement by Apple of the new iPhone 5S, featuring Touch ID, their embedded fingerprint sensor, we are seeing an important change in the modern authentication landscape. Some of the details are still to emerge, but this is the first example of the potential for large-scale mass-market mobile biometric authentication. So what does this mean for both the industry and consumers?
It is important to recognize Apple’s commitment to strong authentication by allowing their customers to authenticate in a simple and secure fashion. Just as Apple has previously been a leader in driving the market for mobile applications, they are now in a position to securely identify their customers, allowing seamless and secure access to devices, app stores, and potentially in the future, 3rd-party sites.
The broad requirement to strongly authenticate users has become critical to the continuing growth of Internet services such as cloud storage, mobile commerce and payments. Online services are currently protected via simple and insecure passwords, or limited SMS 2-factor schemes, that continues to create a huge problem for the industry. We all have a large number of sites and applications that we interact with online – to pay bills, shop, store our music or photos. All of these sites have different password requirements – multiple characters, secret words, additional dates to remember – it’s no wonder that many of us have given up, re-using passwords across multiple sites or defaulting to simple phrases.
The problem with password re-use is that it represents a security disaster. If I use the same credential across multiple sites then no matter how much money and resources a company invests in their own information security, that security effort will only be as good as the other sites that share the common password.
This problem has been exacerbated by the huge number of large password databases that have been hacked over the last 18 months – we’ve seen Yahoo, LinkedIn, Evernote and many others that have suffered at the hands of hackers, and academic research has shown that more than 76% of the passwords across these large databases are the same. Hackers know this and can exploit these common passwords, resulting in data breaches for businesses and the potential for identity fraud for consumers.
Consumers also recognize the weaknesses with this model and ask questions of their service providers. Research conducted by the Ponemon Institute, which we sponsored, shows that consumers do not trust sites that only rely on usernames and passwords. It also shows that there is a growing appetite for using biometrics as a stronger form of authentication, something Apple had anticipated with their acquisition of Authentec last year.
So Apple now has an embedded Fingerprint Sensor (FPS) that it can use to bind a user and a device, reducing the risk of fraud and improving the customer experience within the Apple walled ecosystem. But,what about the rest of the Internet?
If we look at the latest figures from IDC, Apple has a market share of 16.9%, potentially rising to 17.9% by 2017. This means that 82-83% of mobile phone users are not currently using Apple devices to go online.
Author: Phillip M. Dunkelberger
The read the full article visit Nok Nok, Labs.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.