For some time now, security experts have been hailing the “death of the password” and advocating for alternative security systems – especially biometric systems like fingerprint scanners. And when Apple unveiled that the new iPhone 5s included a fingerprint scanner, it seemed it might be the beginning of the end for the traditional password. Unfortunately, as German hacker Starbug was quick to demonstrate, Apple’s new fingerprint scanner is hardly fool-proof.
With relatively basic equipment, Starbug was able to beat Apple’s fingerprint scanner only 48 hours after the new iPhone’s debut.
“It's very easy. You basically can do it at home with inexpensive office equipment like an image scanner, a laser printer, and a kit for etching PCBs. And it will only take you a couple of hours. The techniques are actually several years old and are readily available on the Internet,” Starbug said in an interview with Ars Technica.
Starbug went on to explain the issues associated with mobile security.
Passwords are no problem at all as long as they are long enough and someone had a look into the algorithms [used to store them] and their implementation. In fact, long, complex passwords, which can also be configured on iOS devices, offer a sufficient level of security. The problem is finding the right balance between convenience for the user and security. No normal person wants to be confronted with a 20-character password every single time they want to do something on their phone. On the other hand, today's smartphones contain a great amount of personal data where many would say that even a four-digit [PIN] is also insufficient.
Of course, there are other biometric options like iris scanners and voice recognition systems in development that don’t depend on fingerprints and many experts believe these might offer a substantial boost in security.
However, biometric security also poses problems outside of reliability. When your password is cracked, users only need to create a new one to regain security. Biometrics, on the other hand, are effectively impossible to alter, so if someone finds a way to crack your security, creating a new scheme could be potentially complicated.
You can try SumRando for free here.