Two-factor authentication with fingerprint and PIN

by Volker Weber

What I, and many of my colleagues are waiting for (with baited breath), is TouchID enabled two-factor authentication. By combining two low to medium security tokens, such as a fingerprint and a 4 digit pin, you create something much stronger.  Each of these tokens has its flaws and each has its strengths. Two-factor authentication allows you to benefit from those strengths while mitigating some of the weaknesses.

More >

Comments

The issue I see with biometric authentication, especially fingerprints, is that you are effectively unable to withhold the credential from law enforcement. You have a right to remain silent and cannot be forced to be a witness against yourself - yet you have no way of not keeping your fingerprints a secret, effectively granting access to all data on your device (and typically much more). Passwords are less convenient, but at least you can keep them to yourself.

Jan Tietze, 2013-09-24

That is a valid concern.

Volker Weber, 2013-09-24

Use 5-times the wrong finger and you are "safe" again.

Anyway I wouldn't mind if Apple would allow to set this mark to a lower level depending on someones saftey level. I think with the now known "hack" some would feel safer if this already kicks in with e.g. 3 attempts.

In addition I would love to see the PIN request mandatory after: removing or inserting a SIM card. Which is another action that "might" hint to an unwanted incident.

Harald Gaerttner, 2013-09-24

Exactly that was our hope here - use a long passcode or an easy one in conjunction with TouchID... Unfortunytely it is not available - hopefully this will change.

Hubert Stettner, 2013-09-24

In the USA, the right to remain silent does not necessarily cover passwords. There's no definitive ruling on it yet.

In the most recent case that I'm aware of (United States v. Fricosu), the court ruled against the right. There had been previous cases where other courts have ruled in favor of the right. The latest case was resolved without the defendant actually revealing the password, so no appeal is possible. These types of cases are very rare, so the chances of an appeal making it all the to the Supreme Court any time soon are pretty low.

Richard Schwartz, 2013-09-24

Recent comments

Sven Thomsen on Viele neue Echos :: Amazon rüstet massiv auf at 07:55
Jonas Rathert on Critical Intel Thunderbolt Software and Firmware Updates - ThinkPad at 12:29
Manfred Wiktorin on Beats Solo Pro with ANC at 10:33
Tim Bellinghausen on Losing your laptop at 10:17
Andreas Kurtz on Losing your laptop at 08:28
Philipp Haun on Losing your laptop at 06:40
Volker Butterstein on Share music on two headphones from iPhone at 06:36
Maximilian von Hulewicz on Beats Solo Pro with ANC at 11:18
Maximilian von Hulewicz on Google Pixel 4 vorgestellt at 11:17
Felix Binsack on Beats Solo Pro with ANC at 10:54
Volker Weber on Beats Solo Pro with ANC at 23:33
Adrian Woizik on Beats Solo Pro with ANC at 23:08
Volker Weber on Beats Solo Pro with ANC at 22:42
Adrian Woizik on Beats Solo Pro with ANC at 22:40
Enrico Lippmann on Google Pixel 4 vorgestellt at 14:40
Felix Binsack on Beats Solo Pro with ANC at 13:23
Volker Weber on Beats Solo Pro with ANC at 09:02
Johannes Matzke on Beats Solo Pro with ANC at 09:00
Thomas Cloer on Google Pixel 4 vorgestellt at 08:17
Volker Weber on Fritz!Fon C4, C5 und C6 :: Stuff that works at 20:08
Maik Endler on Fritz!Fon C4, C5 und C6 :: Stuff that works at 20:05
Andreas Krümmel on Fritz!Fon C4, C5 und C6 :: Stuff that works at 11:36
Hubert Stettner on Fritz!Fon C4, C5 und C6 :: Stuff that works at 11:24
Eric Bredtmann on Fritz!Fon C4, C5 und C6 :: Stuff that works at 07:53
Volker Weber on Fritz!Fon C4, C5 und C6 :: Stuff that works at 23:17

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter  amazon

Local time is 07:54

visitors.gif

buy me coffee

Paypal vowe