In September 2013, the iPhone 5S wasn’t the first smartphone to have a fingerprint scanner. It did, however, set a trend that rippled throughout the market, with HTC releasing a phone with the same feature just one month later. In 2017, it’s hard to find a flagship device that doesn’t boast the new security measure, and many third-party applications have integrated it as an alternate method of access. Despite its widespread adoption, the question remains of whether Touch ID is the next step in cybersecurity or just a convenience feature disguised as protection.
The ability to unlock your iPhone or Android device with a single touch of your finger beats out many of the early alternatives, typing in a PIN or drawing a pattern on a 3-by-3 grid. In the early days, even having access to the phone wouldn’t grant access to the apps with sensitive and personal information, like online banking; for those, users still needed to type in a password. As the technology became universal, however, applications such as Bank of America, Dropbox, and PayPal utilize the fingerprint scanner, allowing monetary transfers with no further verification.
These advancements are great as long as the technology remains secure. Issues arise when scanners can be fooled. The increase in popularity of Android Pay and Apple Pay means that the incentives for cracking this system become much more attractive – and lucrative. While fingerprints are unique to each individual, the scanners common on our phones don’t recognize the saved patterns to the level of sophistication since in sci-fi movies, often only capturing a partial image of the thumb or forefinger. While the more recent images are utilizing 3D ultrasound images to decrease false scans, researchers at New York University and Michigan State University found that our phones could be fooled as much as 65 percent of the time by artificially manufactured prints.
This security feature is pushing people away from potentially more reliable methods, such as two-factor authentication. Criminals would still need physical access to your phone, so as long as you keep a close eye on your device, you should be fine. However, with so many apps like LastPass substituting master passwords for fingerprint authentication, a few minutes without your Google Pixel could mean all of your accounts get compromised. As always with electronics, personal responsibility and accountability remain the most effective ways to protect yourself.