The fingerprint sensor built into the home button of the iPhone 5S is proving controversial, with questions asked about both the level of security and the effectiveness of fingerprints in the first place. Nobody wants to spend five minutes making sure they press their finger at just the right angle.
But most of the concerns are only relevant to older fingerprint sensors. What we’re seeing in the iPhone -- and will see in other devices soon -- uses a new generation of technology.
Although Apple bought Authentec, who put those annoying finger-graters onto a large proportion of laptops (complete with irritating software for mapping your fingerprints to your Windows password, web site passwords, and even launching different apps by swiping different fingers), the fingerprint reader on the iPhone 5S isn't going to be like that.
The latest generation of fingerprint sensors will show up in new laptops this year -- Fujitsu is already selling the LIFEBOOK A743/G, A573/G and A553/G in Japan with next-generation touch fingerprint sensors from Validity --and in keyboards, so you can use them with existing desktop PCs in business. We're expecting to see them on Android and Windows Phone handsets in the not-too distant future as well. Maybe the Surface Pro 2 will even include a fingerprint sensor, because Microsoft is backing fingerprints as the best way to get past the insecurity and inconvenience of passwords.
For PCs, the sensors will be coming from suppliers like Validity and Fingerprints. Microsoft demonstrated a notebook retrofitted with a Validity sensor at TechEd this summer, as part of a demo of the new security features in Windows 8.1. (Ironically, Apple might have helped speed up the switch to the new style of fingerprint sensor in PCs by telling PC makers they could no longer buy the old fingerprint sensors from Authentec after it bought the company.)
Unlike the swipe sensors you may be used to, the new sensors let you press your finger on the reader rather than dragging it across, so they're not as fiddly. You may have used similar sensors at the immigration desk when you visit other countries like the UK.
Windows Security head Nelly Porter isn't a fan of the old swipe reader either; at TechEd this year she told us "They're not intuitive. You have to swipe your finger, not too fast and not too slow and not over to the left and not over to the right but just in the right place so the sensor can compose the stripe image. That's users having to work for the technology, not having the technology work or them."
With the new sensors you don't have to move your finger, just press it against the reader. And like the sensor in the iPhone 5S, the sensors that will be in laptops and keyboards and other phones can detect the ridge and valley pattern of your fingerprint not from the layer of dead skin on the outside of your finger (which a fake finger can easily replicate), but from the living layer of skin under the surface of your finger, using an RF signal. That only works on a live finger; not one that's been severed from your body.
This will protect you from thieves trying to chop off your finger when they mug you for your phone (assuming they're tech-literate thieves, of course), as well as from people with fake fingers using the fingerprint they lifted from your phone screen.
It won't protect you from someone pointing a weapon at you to make you unlock your phone for them with your finger, but as Validity CTO Sebastian Taveau points out, that's like saying your ATM PIN doesn't protect you from thieves at the ATM threatening to break your kneecaps with a crowbar if you don't withdraw money and hand it over. "How many people do you see limping away from cashpoints?" he asks.
For most users, the real question is how usable the fingerprint system will be. Early reports say the iPhone 5S sensor works well once you've got past having to press your finger down at various angles to register it. That fits what we saw with the Validity and Fingerprints sensors in our demo.
And it's not just about unlocking a device. In Windows 8.1 you'll be able to use your fingerprint to switch accounts, to log into a site that usually need a password or to pay for apps - in the Windows Store, in a third-party store that supports the Windows biometric APIs or inside an app. Unlike Apple, Microsoft is making biometrics available to all developers. No more worrying about kids buying expensive items inside a free game you let them download with your account. Or you could use the sensor to stop anyone but you opening your financial apps or looking at personal photos when you hand them your device to show them something.
Does fingerprint recognition work for everyone? No: guitar players, professional chefs, people who work in dry cleaners and chemical plants, and people in jobs that damage their fingertips will have problems. Plus, there are just some people who don't have discernable fingertips. As many as 10% of the population might have problems using fingerprints for recognition; but that's true of all biometrics from retinal scans to voice recognition to using your typing habits to the pattern of veins in your hands to all the other physical characteristics that have been suggested as biometric identifiers; none of them work for everyone. But fingerprints and the new touch fingerprint sensors are the best so far, says Porter. "We investigated every single biometric trait. To make authentication work, the only solid technology on the market today is fingerprints." It's the best at spotting intruders and not blocking legitimate users, she says.
After all the revelations about government surveillance recently, the next question is whether using your fingerprint to unlock your phone hands it over to the government. No reputable fingerprint technology ever sends a copy of your fingerprint anywhere; instead, the sensor calculates a template that it matches your fingers against later, and it stores that securely. For Apple that's in a secure area of the A7 chip; for Windows and Windows Phone devices, that's inside the TPM security chip that also has the digital certificates for your BIOS and for Windows components. Web sites don't get a copy of your fingerprints; they just get a message saying your fingerprint matched.
This time around, fingerprint systems can be a mix of security and convenience. When seven French banks trialed a system that included contactless cards and fingerprint recognition, 94% of the users in the trial wanted to carry on using their fingers to pay. Half of the shoppers in a UK survey by WorldPay said they wanted to use biometrics to go shopping. We're ready for the convenience.