ISC Diary | In Defense of Biometrics

There are several good thoughts in this post:

One easy improvement: Make it “real two factor” by allowing users to require a PIN/Password in addition to the fingerprint. Could they have done better then a fingerprint? There are a few different common biometric sensors: Facial recognition, Fingerprint, Weight/Height, retina scans and iris scans. Fingerprints are probably best considering the price of the sensor and the difficulty to acquire the data.

Finally: There is probably one real big vulnerability here. A stolen iPhone is likely covered in the user’s fingerprints. It shouldn’t be too hard for an attacker to lift a finger print off the phone itself to bypass the sensor.

via ISC Diary | In Defense of Biometrics.

I hope that Apple offers more details about how the fingerprint reader works. The technology exists to deal with the latent fingerprint issue. Many corporations will want true two-factor before relying on the iPhone’s biometrics in the enterprise.

If this is strong & robust authentication I hope Apple makes it available to other manufacturers as an open standard.