PayPal hopes the next iPhone will obsolete passwords, once and for all

By , May 10, 2013

Fingerprint scanning 002

In a tell-tale sign that passwords had had their day in the sun, PayPal CISO Michael Barrett took the stage at Interpo today to spell doom for existing verification methods, predicting that more robust authentication protocols based on an open standard will replace passwords. While two-step verification can bolster account security – Apple recently enabled it for Apple ID accounts – PayPal alludes that secure authentication technologies said to make their way into Apple’s next iPhone may announce the impending end of passwords…

“Passwords are starting to fail us,” he said, according to MacWorld UK.

Indeed they are.

Also, this:

Passwords are running out of steam as an authentication solution. They’re starting to impede the development of the Internet itself. It’s pretty clear that we can’t fix it with a proprietary approach.

Coincidentally, Wired recently ran an in-depth piece that explains vividly why a string of characters can’t protect us anymore.

Just a simple string of characters – maybe six of them if you’re careless, 16 if you’re cautious – that can reveal everything about you.

Your email. Your bank account. Your address and credit card number. Photos of your kids or, worse, of yourself, naked. The precise location where you’re sitting right now as you read these words.

Barrett shares a similar sentiment.

Users will pick poor passwords and then they’ll reuse them everywhere. That has the effect of reducing the security of their most secure account to the security of the least secure place they visit on the Internet.

A little backgrounder: Barret is the president of the Fast Identity Online Alliance (FIDO), an organization that wants to replace the password with a more convenient standards-based open protocol.

The FIDO Alliance protocol allows users a choice of authentication method while shifting control to providers who can make authentication user-transparent and limit the risk of fraud. Essentially, FIDO combines hardware, software and Internet services.

A FIDO user will use a FIDO Authenticator or token that they’ve chosen or that’s incorporated in their device; it could be a built-in fingerprint scanner, a USB memory drive with a password, a voice reader or something else.

“Starting this year you will see FIDO-enabled devices appearing in the market,” he proclaimed.

But what’s that got to do with Apple, you ask…

Everything.

Barret alluded that Apple’s next iPhone may be the first consumer device to adopt FIDO’s proposed solution, based on the rumored fingerprint sensor inclusion on the iPhone 5S.

It’s widely rumored that a large technology provider in Cupertino, Calif., will come out with a phone later this year that has a fingerprint reader on it. There is going to be a fingerprint enabled phone on the market later this year. Not just one, multiple.

Apple fanboy MG Siegler and CrunchFund investor (who just joined Google Ventures as a general partner) heard “multiple times” whispers of “some sort of biometric scanner on the new iPhone.”

Analysts have long insisted that the next iPhone will include fingerprint sensor. Morgan Stanley calls it a killer feature and other watchers believe it could be a world-changing moment because it takes a company of Apple’s size to mainstream the tech.

iPhone 5S fingerprint sensor (KGI Securities 001)

Unfortunately, it seems that Apple’s rumored effort to integrate fingerprint sensor underneath the Home button – as opposed to embedding it on the device as a separate button – has now created “technical challenges,” leading one analyst to speculate that the next iPhone could be pushed back until Fall.

Reuters agrees, quoting a supply chin source as saying last month that Apple was trying to find a “coating material that did not interfere with the fingerprint sensor,” adding this may be causing a delay.

If used in conjunction with NFC – and tapping the nearly half a billion iTunes accounts with credit cards enabled for one-click purchasing – the next iPhone wouldn’t just replace password-based authentication with your fingerprint ID, it could act as a digital wallet, too – provided Apple cuts deals with banks, credit card companies and merchants, of course.

If all this sounds too futuristic, remember that Apple shelled out $356 million to buy AuthenTec. That company is the leader in NFC technology and so-called smart sensors and Apple notably unloaded its other business units, leaving only sensors.

Moreover, Apple’s been on something of a hiring spree, looking for software engineers to join its existing AuthenTec fingerprint sensor team.

So, instead of typing in passwords into apps and web sites, the next iPhone could authenticate you just by scanning your thumb resting on the Home button.

How disruptive would that be?

You connect the dots.

  • Share:
  • Follow:
  • Bob

    1Password

    • Paul Dunahoo

      Bingo.

  • http://twitter.com/geekinit geekinit

    Could be awesome. Only problem is we leave our fingerprints on every door we open and every glass we drink from. Obviously this technology must not use the finger print data itself?

    • http://twitter.com/aidanharris1 ✪ aidan harris ✪

      In my opinion for security a combination of both passcode and fingerprint (or some other form of biometrics) would allow for the best security. However for convenience (because us humans are lazy and don’t like spending a long time entering passcodes) fingerprints should be enough. Only businesses and governments etc would need a combination of both fingerprint and passcode to get the best security…

    • iBanks

      Someone that’s willing to put in so much work to copy your fingerprint off of a door knob or table to get into your phone must hold great value over one’s head or you have something vvvvveerrryyy interesting inside that device that they must need.

      • Falk M.

        Or someone is very bored and feels like taking a little challenge.
        Trust me, people can have the most off reasons for doing stuff like this.

    • http://twitter.com/burlow burlow

      it likely will be a capacitive surface, so simply lifting a finger print off a glass won’t work. also, if someone finds your phone somewhere, they have no idea where to look for your fingerprints.

      • Javier Martinez

        How about on the phone itself?? Duh!!

      • http://twitter.com/burlow burlow

        even if they found your fingerprint on your phone, the scanner would only register if a finger touches it – so you’d have to somehow put the lifted fingerprint onto a “finger”

  • http://www.facebook.com/vensephable Steven Brady

    Sounds like a bad idea to me. Can you imagine the immense power big brother would have with a database of all those fingerprints? It has room to be misused.

    Plus, what if you accidentally leave your phone at home, and need a family member to access it for ‘whatever reason’ for you while you are out?

    I only had this happen one or two times but it really helped me when I needed it.

    • Kurt

      +1

    • Bob

      Apple could implement a DNA analyzer, you could set it to allow members close in your family to access your phone. So all they would have to do is pull some hair out of their scalp, put it into the sim card tray & spit on your iPhone and it would analyze the genetic code of their DNA in real time and will allow access if there’s a high chance of you being related.

      • Kaptivator

        LMAO…but i don’t think that i would want my phone back after being spat on by someone else.

    • Falk M.

      Chop off your finger and post it. Is it really that hard? *eyeroll*
      Some folks are so lazy and impatient……..

  • http://www.facebook.com/profile.php?id=100000945354629 Avery Massenburg

    Now that I think about it, I’m not surprised if passwords start dying. You can easily crack a simple text/number password. Fingerprint passwords since everyone has a unique fingerprint would make it much much harder to crack.
    If Apple does incorporate a fingerprint scanner I’d hope that they allow multiple fingerprints to be stored incase someone like your husband or wife needs to use the phone for whatever reason (Say they’re out of minutes)

    I wouldn’t mind all my apps needing Fingerprint access for authentication as long as it’s accurate. The only problem then would be when I need to access the desktop version of that application, like iTunes or Facebook.

  • http://www.facebook.com/rmmckinney96 Ryan Mckinney

    I think it’s funny that the picture showing an android, an iPhone, and a “Windows Phone” actually show android, iOS, android. That is not a windows phone! That’s an HTC android phone!

  • Gorgonphone

    here come the finger cutters

  • http://www.facebook.com/dante.arellano1 Dante Arellano

    Kill the home botton more screen please

    • http://twitter.com/aidanharris1 ✪ aidan harris ✪

      The home button serves its purpose (at least if it already doesn’t with a fingerprint sensor it will fulfill a purpose)

  • http://www.facebook.com/profile.php?id=1457594844 Matthew Dias

    Obsolete is an adjective.