Apple has unveiled a fingerprint scanner on its high-end iPhone as part of a new identification capability that some experts say could be a boon to security vendors specializing in next-generation authentication measures.
Called Touch ID, the fingerprint identity sensor is available on Apple's iPhone 5S. It can scan a fingerprint at a 500 pixels-per-inch resolution and contains a detection ring, a tactile switch and sensor on the home button, capable of 360-degree readability, Apple said. The fingerprint sensor can approve purchases from the iTunes Store, App Store and iBooks Store as an alternative to entering a password, Apple said.
Security experts told CRN that Apple's foray into biometrics could help pave the way for a new crop of security products aimed at addressing the security lapses associated with account credentials. Usernames and passwords are highly coveted by cybercriminals. The Verizon Data Breach Investigations Report, which provided analysis of hundreds of data breaches in 2012, found that more than 90 percent of breaches involved some form of stolen account credentials.
[Related: What Do You Want In A New iPhone? (Video)]
"I'm sure there will be a whole ecosystem that grows out of this," said Avivah Litan, vice president and distinguished analyst at Gartner. "There's a real need for better authentication that takes advantage of these more user-friendly form factors."
Litan said it takes a large vendor to help make technologies more mainstream. Until now, fingerprint identification has been on a variety of laptops, but it hasn't been widely used because of performance issues, Litan said.
The Touch ID system also lets users enroll multiple fingerprints, letting users add people they trust. Apple said Touch ID fingerprint enrollments are stored only on the device and not backed up to iCloud or stored online in any way.
There are may be as many as a dozen security vendors or more attempting to use the mobile device to establish identity, Litan said. Nok Nok Labs, a member of the Fido Alliance, has been attempting to take its password alternative technology to enterprises, unveiling its solution at the RSA Security Conference in March. The Fido Alliance has been trying to push for standards to make strong authentication interoperate on mobile devices regardless of operating system.
"Apple's decision to include authentication with the iPhone is a good dose of rocket fuel for the industry," said Michael Barrett, president of the Fido Alliance, in a statement issued following the Apple announcement. "The marketplace seeks authentication capabilities that span computer, smartphone and physical access authentication and federated identity applications. Open industry standards, such as FIDO authentication specifications, are required before we can achieve industry-wide adoption of strong authentication across all platforms."
NEXT: Can Apple Meet The Needs Of Banks, Online Services?Apple is solving the problem of adoption, but the issues are much more complex, Gartner's Litan said. Banks and other online services require additional measures to establish the identity of users attempting to access their accounts, she said.
"There's still a huge enrollment issue because Apple only needs to authenticate users to their device or iTunes, which is much different than what a bank's requirement for online banking," Litan said.
Solution providers told CRN they are also optimistic that Apple's announcement could prompt a greater interest in authentication products. Businesses have been trying to address password concerns with multifactor authentication and device security with mobile device management components, said Bob Breitman, president of Bingham Farms, Mich.-based solution provider IT That Works-Midwest.
"This is the right move because devices are more personal than laptops and desktops," Breitman said. "Assuming it's easy to enroll a fingerprint and works as promised, it may open up new opportunities for the channel."
Consistency in the implementation of the fingerprinting technology is important, said Randolph Carnegie, president of Chicago-based consultancy and solution provider Ken-Kor Consulting. Users may still need to use a username and password for using iTunes on their laptop and that could lead to confused users, Carnegie said.
"What they're doing is adding to the mix of ways we have to authenticate the identity of individuals, which could add complexity, and that often leads to security issues," Carnegie said. "This is a way to get this technology initially in the hands of the consumers, but for now, I don't see everything being reduced to fingerprint authentication."
PUBLISHED SEPT. 10, 2013