Two-factor authentication with fingerprint and PIN

by Volker Weber

What I, and many of my colleagues, are waiting for (with bated breath) is TouchID-enabled two-factor authentication. By combining two low to medium security tokens, such as a fingerprint and a 4-digit PIN, you create something much stronger. Each of these tokens has its flaws and each has its strengths. Two-factor authentication allows you to benefit from those strengths while mitigating some of the weaknesses.


Comments

The issue I see with biometric authentication, especially fingerprints, is that you are effectively unable to withhold the credential from law enforcement. You have a right to remain silent and cannot be forced to be a witness against yourself - yet you have no way of not keeping your fingerprints a secret, effectively granting access to all data on your device (and typically much more). Passwords are less convenient, but at least you can keep them to yourself.

Jan Tietze, 2013-09-24

That is a valid concern.

Volker Weber, 2013-09-24

Use the wrong finger 5 times and you are "safe" again.

Anyway, I wouldn't mind if Apple allowed setting this mark to a lower level depending on someone's safety level. I think with the now known "hack" some would feel safer if this already kicked in with e.g. 3 attempts.

In addition, I would love to see the PIN request made mandatory after removing or inserting a SIM card, which is another action that "might" hint at an unwanted incident.

Harald Gaerttner, 2013-09-24

Exactly that was our hope here - use a long passcode or an easy one in conjunction with TouchID... Unfortunately it is not available - hopefully this will change.

Hubert Stettner, 2013-09-24

In the USA, the right to remain silent does not necessarily cover passwords. There's no definitive ruling on it yet.

In the most recent case that I'm aware of (United States v. Fricosu), the court ruled against the right. There had been previous cases where other courts ruled in favor of the right. The latest case was resolved without the defendant actually revealing the password, so no appeal is possible. These types of cases are very rare, so the chances of an appeal making it all the way to the Supreme Court any time soon are pretty low.

Richard Schwartz, 2013-09-24
