The limit to any security protocol is the ability to get users to adopt it. Many companies require users to change passwords every three months, while simultaneously requiring them to use capital letters and numbers in their passwords, plus avoiding previously used passwords. These rules have good intentions, but many times, they simply result in passwords written on post-it notes and stuck to computer screens.
This isn’t the most secure setup in the world, to be sure.
That’s why Apple’s Touch ID feature in the iPhone 5s was such a leap forward when it came out last year. It was really the first fingerprint sensor to work quickly and effectively — every time — for the vast majority of users.
During the WWDC keynote yesterday, Apple revealed that only 49% of iOS users turned on the passcode feature on their devices before Touch ID was released. For the iPhone 5s, that number rocked up to 83%. That means millions more users were protected when their phones were lost or stolen, and — when combined with Find My iPhone and Activation Lock — they had a good chance of erasing their phone to protect their data, even if the phone was gone for good.
In a move that was obviously coming sooner or later, Apple also announced that the Touch ID protocol will be made available to apps when iOS 8 launches to the public this fall.
Apple may not have given it much time during the keynote — Apple SVP Craig Federighi spent barely 70 seconds on Touch ID out of a 117-minute presentation — but it could have incredibly wide-ranging benefits for millions of iOS users.
App developers, including those developing apps for use within corporate networks, will be able to require Touch ID or password authentication on a per-app level, or even allowing unfettered access to some parts of an app but requiring a fingerprint for access to more secure areas.
The use cases are endless, from protecting sensitive financial and customer data from prying eyes to requiring additional authentication before opening documents and files outside a secured network or VPN. Apple showed the feature used on Mint, a personal finance application.
The Touch ID Authentication framework, outlined in the iOS 8 Developer Library, will be easy for developers to implement. On a basic level, the Touch ID authentication protocol is used to protect logins and users data by unlocking Keychain items — essentially stored passwords in the system.
Apple reiterated that fingerprint data is never exposed to third-party apps and, in fact, never leaves the “Secure Enclave” within the A7 processor. Apps only see whether a user was successfully authenticated or not.
While Touch ID is currently only available on the iPhone 5s, the previously reliable analyst Ming-Chi Kuo has said that iPhone and iPad models introduced this fall will all gain the feature. Apple has also examined building the Touch ID sensor in the Mac’s trackpad or an iPhone screen, according to patent filings.
iOS 8 is currently available to registered developers in beta form and will launch to the public this fall.
What do you think of Touch ID? Would you like to use your fingerprint to log into your work and financial apps? Let us know in the comments below.