IPhone fingerprint scanner will start security revolution

  @Jose_Pagliery September 11, 2013: 3:04 PM ET
How the iPhone fingerprint scanner works
NEW YORK (CNNMoney)

Apple's new iPhone 5S will be the first widely popular gadget to incorporate a fingerprint scanner as a security measure. It likely won't be the last.

Security experts say fingerprint scanning is safer than typing in a password. Fingerprints are far more unique than passwords and harder to hack.

Fingerprint scanning is more convenient too: Your fingers are always with you -- no more need to memorize dozens of different username and password combinations. And with Apple's (AAPL, Fortune 500) Touch ID system on the iPhone 5S, a user just has to touch the scanner on the home button, and the phone will automatically unlock.

Sure, fingerprint readers have been available on some previously released devices, including the Lenovo ThinkPad laptop and Motorola Atrix. And several companies have begun replacing security badges with iris scanners.

Related: New iPhones, hits and misses

But biometrics haven't yet gone mainstream, because earlier attempts have been too expensive, too difficult to use or featured on products that few people bought. Trying to change that, Apple bought biometric company AuthenTec last year for $356 million.

New iPhone 5S with fingerprint security

Apple's combination of ease-of-use and more robust security is why Touch ID will help popularize fingerprint and other biometric scanners on consumer gadgets, according to Phillip Dunkelberger, president of tech security firm Nok Nok Labs.

"User experience will be much better," said Dunkelberger. "It's a very good first step for everybody trying to use biometrics."

Apple's Touch ID initiative could also be a big hit with companies that allow employees to bring their own devices to work. Enhancing security is a major issue for companies that are increasingly being targeted in cyberattacks.

Unlike four-digit pins, fingerprints can't be guessed. And experts say Touch ID wouldn't actually save an image of your entire fingerprint -- just a jumbled, random code that is maybe 50 to 100 digits long, according to Joseph Lorenzo Hall, a senior staff technologist at the Center for Democracy & Technology. Plus, Apple says the information stays in a secured file that never leaves your phone.

"It's like having a very, very long password," Hall said.

But fingerprints do have flaws that the most desperate hackers could take advantage of: You can't change your fingerprint, and all it takes to pull fingerprints from a surface is some Scotch tape. Also, fingerprint scanners aren't made to be 100% accurate. To account for human variation -- say, approaching the scanner from a slightly different angle -- they need a certain tolerance for error.

That means it's possible, albeit unlikely, that someone can replicate your fingerprint. So, like everything, it's not a foolproof system.

Related: iPhones approved for China Mobile network

But security experts largely see Touch ID as a positive step that could take society a step closer to eliminating much more hack-prone PINs and passwords -- and the worry that someone else is peeking over your shoulder, said Berin Szoka, head of the tech policy thinktank TechFreedom.

"The idea of a fingerprint scanner on your phone might seem creepy to some users, but it's actually great news," he said. "That ... could make it easier for us to engage in sensitive transactions over mobile devices, like banking and government services." To top of page



Join the Conversation

Market indexes are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer LIBOR Warning: Neither BBA Enterprises Limited, nor the BBA LIBOR Contributor Banks, nor Reuters, can be held liable for any irregularity or inaccuracy of BBA LIBOR. Disclaimer. Morningstar: © 2014 Morningstar, Inc. All Rights Reserved. Disclaimer The Dow Jones IndexesSM are proprietary to and distributed by Dow Jones & Company, Inc. and have been licensed for use. All content of the Dow Jones IndexesSM © 2014 is proprietary to Dow Jones & Company, Inc. Chicago Mercantile Association. The market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. FactSet Research Systems Inc. 2014. All rights reserved. Most stock quote data provided by BATS.