Two-factor authentication with fingerprint and PIN

by Volker Weber

What I, and many of my colleagues, are waiting for (with bated breath) is TouchID-enabled two-factor authentication. By combining two low- to medium-security tokens, such as a fingerprint and a 4-digit PIN, you create something much stronger. Each of these tokens has its flaws and each has its strengths. Two-factor authentication allows you to benefit from those strengths while mitigating some of the weaknesses.


Comments

The issue I see with biometric authentication, especially fingerprints, is that you are effectively unable to withhold the credential from law enforcement. You have a right to remain silent and cannot be forced to be a witness against yourself - yet you have no way of not keeping your fingerprints a secret, effectively granting access to all data on your device (and typically much more). Passwords are less convenient, but at least you can keep them to yourself.

Jan Tietze, 2013-09-24

That is a valid concern.

Volker Weber, 2013-09-24

Use the wrong finger 5 times and you are "safe" again.

Anyway, I wouldn't mind if Apple would allow setting this mark to a lower level depending on someone's safety level. I think with the now-known "hack" some would feel safer if this already kicks in with e.g. 3 attempts.

In addition, I would love to see the PIN request made mandatory after removing or inserting a SIM card, which is another action that "might" hint at an unwanted incident.

Harald Gaerttner, 2013-09-24

Exactly that was our hope here - use a long passcode or an easy one in conjunction with TouchID... Unfortunately it is not available - hopefully this will change.

Hubert Stettner, 2013-09-24

In the USA, the right to remain silent does not necessarily cover passwords. There's no definitive ruling on it yet.

In the most recent case that I'm aware of (United States v. Fricosu), the court ruled against the right. There had been previous cases where other courts have ruled in favor of the right. The latest case was resolved without the defendant actually revealing the password, so no appeal is possible. These types of cases are very rare, so the chances of an appeal making it all the way to the Supreme Court any time soon are pretty low.

Richard Schwartz, 2013-09-24
