Thumb-scan authentication for your smartphone might sound sexy, but bypasses remain all too easy.
Even if the scanning-speed challenge does get addressed in smartphones, the authentication technique is no risk-prevention panacea. "Security is always a cat and mouse game," says Brendon Wilson, director of product management at Nok Nok Labs, via email. "Add fingerprint sensors, and attackers will now attempt to figure out how to steal fingerprints off surfaces, off devices, or how to have malware attack the underlying hardware to steal credentials. It would be a mistake to think fingerprint scanning is the final word in authentication."
On the other hand, a fingerprint scanner could prove useful for so-called adaptive authentication, such as when using a smartphone to conduct online banking. For example, the FIDO Alliance -- of which Nok Nok Labs is a member -- is building an open standard to let websites authenticate people using whatever is at hand: passwords, PINs, security questions or a biometric fingerprint scanner built into a smartphone. Accessing a banking statement might require a password. But for transferring money, a thumb scan -- or else three security questions -- might also be required.
Despite their usefulness in such adaptive-authentication scenarios, thumb scans won't solve iPhone users' most pressing security concern: the physical theft of their device. Britain, for example, last year recorded an 8% increase in smartphone-related robberies, counting over 100,000 such thefts in 2012.
Hence the next big security payoff for a user of iOS -- or any other smartphone -- will come from adding a "kill switch" to remotely disable and track stolen devices. On that front, Apple has said that iOS 7, due out this fall, will include a feature that can be used to remotely deactivate a stolen phone via an "activation lock," as well as to prevent data on the phone -- or a custom "please return this phone to its rightful owner" message -- from being deleted, unless the correct activation username and password get entered. That will hold even if the SIM card gets removed.
While such features might not seem as sexy as using your thumb to unlock an iPhone, in terms of real-world security, the biggest near-term security wins -- for the security of both the physical device and the information it stores -- will come from adding tough-to-defeat recovery features.