Because of Apple's influence, other companies are likely to follow. At least one new smartphone running Google Inc.'s Android operating system to be released this year will include a similar fingerprint sensor, though it is unclear if that phone will be sold in the U.S, a person familiar with the matter said. A Google spokesman declined to comment.
Behind the activity is a growing recognition that passwords are a porous defense for consumers' information—particularly on mobile devices likely to be lost or stolen. At the same time, recent technology advances have made fingerprint scanners more accurate and reliable, addressing issues that previously impeded their adoption.
Some laptop computer manufacturers began building such scanners into their machines more than a decade ago. But despite the 007-like cool factor, the technology proved too temperamental for most consumers.
"It was not reliable to use on a daily basis," said Kevin Mahaffey, chief technology officer of Lookout Inc., a mobile cybersecurity company, who tried to be an early adopter of the technology a decade ago when he bought a fingerprint scanner for his desktop computer.
Motorola Mobility LLC, a unit of Google, included a fingerprint sensor in its Atrix 4G phone in 2011. The company stopped using the sensors because, among other reasons, customers complained about scanner errors and many didn't use the feature, a person familiar with the matter said.
But concerns about consumers' reliance on passwords—often composed of just six to 10 letters or numbers—continue to grow. Fraudsters and hackers have found a variety of ways to steal or crack codes that may be shared among multiple Web accounts.
Meanwhile, some major companies have signaled that fingerprint-based safeguards may finally be ready. In one sign, big players that include Google, LG Electronics Inc., eBay Inc.'s PayPal unit and Lenovo Group Ltd. have joined a nonprofit called the Fast IDentity Online Alliance, which pushes for broader use of biometrics, among other alternatives to passwords.
"It seems a natural fit," said Kevin Kempskie, a spokesman for RSA, the security unit of EMC Corp. Once smartphones are protected with fingerprints, "you could do all kinds of things," he said.
In theory, scanning a user's finger could be a very fast way to unlock a phone or authorize a payment—and unlike a password, impossible for an unauthorized person to crack by guessing or trying different combinations.
A scanner on a smartphone could also be used to safeguard corporate networks, acting much like security tokens made by RSA and others that generate sequences of numbers to be used with passwords, Mr. Kempskie said. A corporate customer could enter his password and then be required to scan his thumb on his iPhone, using an RSA app, for example, to verify his identity, he said.
They could also be used for physical security. August, a San Francisco startup, plans to ship a deadbolt lock add-on—the device fits on an existing lock—later this year that allows users to unlock their front doors with their smartphones. The company will likely allow customers to use their fingerprint as an additional form of verification, said Jason Johnson, its chief executive.
It remains unclear whether Apple will let outside developers employ the fingerprint scanner in apps, if at all. An Apple spokeswoman didn't return a request for comment.
Apple purchased fingerprint-reader specialist AuthenTec in 2012, and the U.S. government recently approved Apple's patent for its own fingerprint reader technology. The company, like other makers of fingerprint scanners, uses radio frequencies to map a finger's surface.
Older scanners required users to swipe their finger across a device and employed software to create a composite image of the fingerprint. Greasy or incorrectly placed fingers would lead to false negatives, as the scanners could only capture one image at a time.
Newer models scan the surface of a finger or thumb while it is at rest, allowing it to capture one to five images after one touch. This gives backup images in case the first is poor quality, said Sebastien Taveau, CTO at Validity Sensors Inc., another fingerprint-sensor company that doesn't work with Apple.
Fingerprints aren't foolproof. They can sometimes be tricked if an attacker uses scans or molds of a user's fingerprints, as the TV show "MythBusters" recently demonstrated to unlock a laptop. (Mr. Taveau said the finger must be attached to a living hand on most modern systems.)
Smartphones can also be hacked in ways that could bypass a fingerprint scanner.
"There's potential danger of a false sense of security," said Bret Hartman, CTO of Cisco Systems Inc.'s computer-security business. Still, the longtime security guru and a former executive at RSA said "it's definitely an important step in the right direction."
But fingerprints have the advantage of requiring few steps, and nothing to memorize, compared with other alternatives.
No comments:
Post a Comment