Biometrics on “smart devices”

Obviously this post was prompted by my [relatively long overdue] upgrade to an iPhone 5S (was previously a 4S user – and never felt the need to upgrade to a 5), however this is not going to be a “first impressions” sort of post that I usually do with my other “reviews.”

Instead its a sincere statement on how I have come to believe that biometric authentication is the way to go for “smart [handheld] devices” in general.

I’m not saying this just because the 5S finally decided to have such a feature, but because I’ve always believed in biometrics, but only now have I experienced a “commonplace” device implement it reliably.Like I said, biometrics isn’t new. My mom’s old laptop has got biometrics. She ended up never using it. It simply wasn’t working most of the time – so you’d end up spending more time making sure you got finger in the right “position” (in her case, to slide it at a certain speed and angle) just for the fucking thing to work. So it was actually quicker to just type in the password.

Then on the more “industrial side of things” I remember with one of my first jobs, we had a biometric lock enabled to our main office door – and all the employees would program their prints in. That didn’t work quite as reliably as well that our HR person (who mans the door) just ended up opening the door for us whenever we’d signal to her that the friggin’ lock doesn’t want to authenticate us.

So the short of it, biometrics is great, if it works. But when it works, oh boy does it work splendidly – so splendidly that it can prompt someone to post a blog about the strengths of the technology more than the device (which is an interesting subject matter on its own) that utilizes it.

So why the push for biometrics, and why now? Because the 5S proves that the technology is reliable enough. Another reason is that “portable smart devices” are a perfect fit for this sort of technology.

Portable Smart Devices?

When I say “portable smart devices” – I basically any type of portable computer but with the extra qualification of being handheld in nature. Of course it doesn’t hurt for laptops to have them – or ANY device for that matter – but if there’s one “category” of devices that stand the most to benefit from this tech, its our phones, our tablets, etc.

Security vs Practicality

So why do I mention that these types of devices stand to gain the most out of this? Basically, any device that’s constantly turned on and off (hence locked/unlocked) and sometimes require some security (photos, data, documents etc.) benefits from this by the very nature of how we interact with them.

We all want security, but we also want stuff easily accessible, we want the least amount of taps to get to what we want to do. So we now hit the dilemma of security vs practicality.

I’ve always thought having a 4-digit passcode or some gesture pattern was next to useless – as those things could be easily observed by anyone determined enough to find out. A passcode is only as strong as how random (and unintelligible) it is – the longer the better, the more complicated the better, the harder to remember, the better. That’s from a security standpoint. On the practicality standpoint however, the exact opposite applies. Shorter, simpler, easily remembered, etc.

But enabling more complex passwords, while ideal for security, can be too much of a hassle, as the nature of these devices will entail unlocking them multiple times within a day.

It’s was always a trade-off between practicality and security.

Biometrics solves all this in one go. You get to have as complex a passcode as you want – and only have to use it as a last resort. Most of the time, you’ll be using a more “practical” passcode; something readily available (practical) but also secure in the sense that its something physically unique to you alone.

Circumvention

I’m not going to say that this technology is fool proof despite coming a long way. Someone could get a sample of your fingerprint and find a way to fool the sensors, sure. Those scenarios are always a possibility. But the question you really should be asking yourself is this: Which is easier; trying to figure out your passcode (or trying to see you type in your passcode), or trying to “get” 1 Because it’s not just about getting it, you’ll have to process it, then come up with a way to fool the sensor into accepting it your fingerprint?

So sure, circumvention of a biometric scanner is surely possible, and so is finding out someone’s passcode – especially if it’s a simple/practical one.

Also, this is why I qualified my argument to be limited to portable [handheld] smart devices. Because a stationary biometric door would be easier to “experiment with” when no one is looking – as compared to stealing and experimenting a phone/tablet (even a laptop) – which you can remotely wipe once you find out its missing. Sure you stole it, but your data will most likely be protected.

Practical Strengths

And here’s the crux of my argument – the very reason why I felt compelled to write this post. Whatever “cons” it may have, aren’t enough to beat the advantages it has to offer. Just imagine the following scenarios…

When a friend borrows your phone, and if you’re protective of your passcode, there doesn’t have to be any awkward moment where you make sure they don’t see what you’re typing – as if to say that you’re assuming they’ll try to remember your passcode and access your phone at a later time (significant others are especially prone to this breach of trust). You don’t even have to take the phone back to type; you just put your finger on there while they’re holding it – easy peasy!

The other is what I’ve already mentioned – and I’ve done this myself: you can now use a more complex passcode – knowing that you only have to resort to it in rare circumstances.

I’ve made a quick video comparing how fast it is to login with a simple passcode, a more “complex” one, and using biometrics.

I’ve synchronized the footage where the clicking sound was heard – so I’m pretty sure all scenarios start at the same time relative to each other – giving us a very accurate idea on the difference in how fast you can get your phone unlocked with the different methods. I think the results speak for themselves.

Conclusion

To put things into proper perspective; unless you’re a person who doesn’t care to lock his/her phone at all, imagine how many times you lock/unlock your phone in a(n) hour/day.

Biometric authentication, when implemented properly, definitely gives you a distinct advantage in accessing your device. Even people who have disabled passcode authentication for practicality purposes may now use it again without any penalty. You get the best of both worlds – the security of having a “complex passwcode” with the practicality of not having to type it in. It’s a win-win.

Notes

Notes
1 Because it’s not just about getting it, you’ll have to process it, then come up with a way to fool the sensor into accepting it

Have a say

This site uses Akismet to reduce spam. Learn how your comment data is processed.