Last week, Apple announced their debut of biometric, chip-based security on their laptops. This joins the biometric, chip-based security that is already present in their iPhones. Now I'm a big Apple person; I work on a macbook pro and an iPad pro, I have an iPhone and an Apple watch. I'm not an early adopter, but I'm an adopter. I enjoy how their stuff meshes well together, and how it supports my graphic software seamlessly.
But I do not like the biometric laptop security. And I'll tell you why.
I've heard this refrain become more and more common in recent years: "Well we should just move to biometric security!" You hear this every time there's a hacking scandal at a big bank or another huge data dump of compromised passwords. You hear this whenever we are pushed to make another strong password; you hear it in reference to the fact that strong passwords aren't as secure as we would think. And I understand the drive for it, and the desire for more security. Trust me, security is my life!
Not kidding.
I'm very security conscious. I applaud the use of the stronger passphrase passwords than randomly generated passwords with special characters. I change my passwords frequently, I avoid the use of passwords keychain programs because they often have backdoors, and I use more secure browsers and different sessions for important things like finances. So you would think I'd be all over the use of my fingerprints as a security measure, right? Well, no. Even though I do use it on my phone.
The reasons I use the iphone biometrics are as follows:
1. It's securely stored inside the chip on my device, and not kept in the cloud or offsite in a database.
2. My phone is rarely out of my sight, or off my person. There's very little chance for someone, besides my 2 year old and 4 year old, to compromise the device. (Though they do try their best)
3. As far as security measures go, Apple is pretty good about safeguarding theirs. It's not infallible, but they do care a lot more about security than a lot of other companies seem to, and invest in it accordingly.
So why do the new apple TouchID measures on the laptop make me nervous? Reason number 2, for one. I commonly leave my laptop (in comparatively safe places, but still) and it's therefore susceptible to compromise. It doesn't exactly fit in my pocket, after all. And I'd venture to say most people are like me in that.
The fact that touch security can be foiled by false fingerprints is a big deal (it happened in 2014, just after touch id came out. It's a lot easier to find a way to defeat security than it is to safeguard it, after all. It's commonly said that offense only has to succeed once, and defense has to keep it together 100% of the time, and it's as true in biometrics as it is anywhere else in security/defense).
The concern that's utmost on my list is that while there are already ways around biometric security in fingerprints, there's no way to get new biometrics if yours are compromised. If someone is able to get your biometric data, you can't have new fingerprints or a new cornea issued. The bad guys will have your private biometric data forever. It's bad enough if they get your sensitive question answers, but having a copy of your biometrics is infinitely worse.
As the technology becomes more widespread, the relatively high level of security will not be maintained by all vendors. They WILL get sloppy, they always do. It's a sad truism that in business, security is often more lax than it should be because it's expensive to do right, and there's usually no one willing to pay the premium over the bottom line. It's even true in government.
I think the best way around it (though I am no expert by any means), is to have a combination of biological keys and behavioral adaptation. As sensors get more advanced they'll be more sensitive to individual movement signatures. So as some devices already allow pressure patterns to unlock, the combination of a memorization device that is customizable as needed (such as six gestures that must be repeated correctly), with the individual movement idiosyncrasies of the user, will help make a more secure logon that doesn't require a device that can be left/forgotten (such as chip cards or tokens). This way there is nothing that will be permanently forever compromised if compromised once (as biometric maps are), but it will be tailored to each person specifically and won't allow someone to just repeat the sequence.
My point is, there are more solutions between "come up with a secure password", and "use your most specific biological data to secure", that don't require the risks of biometrics. So anyway, thanks for reading this week's edition of, "What's rattling around in Phaedra's noggin." Take care, and as always, have a plan, have a kit, live your life to the fullest and for heaven's sake get some fresh air.