For some
time now, security experts have been hailing the “death of the password” and
advocating for alternative security systems – especially biometric systems like
fingerprint scanners. And when Apple unveiled that the new iPhone 5s included a
fingerprint scanner, it seemed it might be the beginning of the end for the
traditional password. Unfortunately, as German hacker Starbug was quick to
demonstrate, Apple’s new fingerprint scanner is hardly fool-proof.
With
relatively basic equipment, Starbug was able to beat Apple’s fingerprint
scanner only 48 hours after the new iPhone’s debut.
“It's very
easy. You basically can do it at home with inexpensive office equipment like an
image scanner, a laser printer, and a kit for etching PCBs. And it will only
take you a couple of hours. The techniques are actually several years old and
are readily available on the Internet,” Starbug said in an interview with Ars Technica.
Starbug
went on to explain the issues associated with mobile security.
Passwords are no problem at all as long as they are long enough and someone had a look into the algorithms [used to store them] and their implementation. In fact, long, complex passwords, which can also be configured on iOS devices, offer a sufficient level of security. The problem is finding the right balance between convenience for the user and security. No normal person wants to be confronted with a 20-character password every single time they want to do something on their phone. On the other hand, today's smartphones contain a great amount of personal data where many would say that even a four-digit [PIN] is also insufficient.
Of course,
there are other biometric options like iris scanners and voice recognition
systems in development that don’t depend on fingerprints and many experts
believe these might offer a substantial boost in security.
However,
biometric security also poses problems outside of reliability. When your
password is cracked, users only need to create a new one to regain security.
Biometrics, on the other hand, are effectively impossible to alter, so if
someone finds a way to crack your security, creating a new scheme could be
potentially complicated.
You can try SumRando for free here.