Apple yesterday announced two new phones, the iPhone 5c and iPhone 5s. One of the biggest announcements for the iPhone 5s is the inclusion of biometric authentication in the form of a built-in fingerprint sensor.
According to Dirk Sigurdson, Mobilisafe’s Director of Engineering at Rapid7, "A strong password that is only stored in someone's brain is arguably the best single factor of authentication. But, it's inherently difficult for people to create and remember strong passwords. Because weak passwords are often used, assuming the iPhone fingerprint reader and matching algorithm do a good job of protecting against fake fingers, biometric authentication should overall improve the security of iOS devices".
"Apple has on a number of occasions released flawed versions of its passcode lock implementation which allows attackers to bypass lock screen protections. With the added complexity of biometric authentication it’s likely that we’ll continue to see vulnerabilities related to these features. It will remain important for companies to monitor iOS vulnerabilities and to implement a method for updating devices when fixes are available."
George Anderson, Senior Marketing Manager for the Enterprise, Webroot, also believes quality of implementation is key to the success of biometrics on the iPhone. He said: “If implemented well on the iPhone, biometrics could become a great mobile security measure. If it turns out, however, that the fingerprint scanner will not be an additional security layer but a substitution for passcode authentication, that would be disappointing news. Passcodes, while basic, are much less prone to errors than fingerprint biometrics. Biometrics is a temperamental technology and it should not be relied upon as a single security measure. A combination of both types of authentication is much more powerful from a security perspective than either on their own."
“Mobile manufacturers should be always looking to layered security. They should make use of both passcodes and fingerprint verification for various actions - from unlocking the phone and making app purchases to gaining access to email and Wi-Fi connections. To the average user, this would mean the phone is protected when lost or stolen and for businesses, company information held on or accessed from that device is much more secure. As a provider of mobile security for Apple and Android devices, we’re hoping to see biometrics utilised by mobile device manufacturers in the future – but only as part of a security offering, not the sole defence.”
According to PayPal's president, David Marcus, most high-end smartphones will have fingerprint biometrics within the next two years and he believes this will signal the ability of financial service providers and e-commerce companies to deliver secure services to more people.