Blog Post

Giving the Fingerprint

BeckyStrause

Apple just released the new iPhone 5s with a new the new security feature of Touch ID. This new fingerprint identity sensor is part of the home button and allows the user to unlock his phone without a password. Apple explains it this way (emphasis mine), “Put your finger on the Home button, and just like that your iPhone unlocks. It’s a convenient and highly secure way to access your phone. Your fingerprint can also approve purchases from iTunes Store, the App Store, and the iBooks Store, so you don’t have to enter your password. And Touch ID is capable of 360-degree readability. Which means no matter what its orientation — portrait, landscape, or anything in between — your iPhone reads your fingerprint and knows who you are. And because Touch ID lets you enroll multiple fingerprints, it knows the people you trust, too.”

“Highly secure” seems to be a debatable phrase. Tech writers everywhere are talking about how Chaos Computer Club (CCC) has successfully bypassed the biometric security of Apples Touch ID by basically copying the users’ fingerprint and creating a fake. The way they did it is all explained in this step-by-step guide. Some say this is nothing to worry about because if someone is stealing your finger prints, you have something bigger to worry about. I see what they’re saying, but don’t entirely agree. The fact of the matter is, it’s been proven that stealing your fingerprint to unlock your phone is relatively easy to accomplish and seemingly something that most people could learn to do. So, how safe is Touch ID security? As a first level, with a PIN acting as a second level of security, it’s very secure. But if you’re using just your fingerprint, you may be missing something.

Senator Al Franken pointed out in his critic of the iPhone 5s security that, “Passwords are secret and dynamic; fingerprints are public and permanent,” Franken wrote. “If you don’t tell anyone your password, no one will know what it is. If someone hacks your password, you can change it — as many times as you want. You can’t change your fingerprints. You have only ten of them. And you leave them on everything you touch; they are definitely not a secret. What’s more, a password doesn’t uniquely identify its owner — a fingerprint does. Let me put it this way: if hackers get a hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life.”

The other issue of using a fingerprint as sole security authentication is a legal one. This article on HITB Sec News brings up the legal effects of moving from PINs to fingerprints. As they point out, the Fifth Amendment may not protect a person “when it comes to biometric-based fingerprints (things that reflect who we are) as opposed to memory-based passwords and PINs (things we need to know and remember).”

As much as it may be a pain to continue using a PIN for security, it may be the best option… at least for today. As always, we’re anxious to see what tomorrow brings.

< Older Post Newer Post >

Mail

Eberly Systems Acquires Lebanon County LYLAB Technology Solutions

By Eberly Systems • 02 May, 2024

West Lawn, PA, May 2, 2024 — Eberly Systems , the West Lawn-based managed IT services and managed voice provider, today announces its acquisition of the Lebanon-based LYLAB Technology Solutions. Eberly Systems seeks to further a movement of people who are motivated and equipped to make a difference in their world through their daily work. They believe in building lasting partnerships based on trust and transparency while delivering industry-leading solutions to support and protect critical business assets. Driven by the principles of people, excellence, integrity, and stewardship, the team prides itself on partnering with companies to securely, reliably, and efficiently grow their businesses. “We cannot be more excited to join forces with the LYLAB team,” comments Kordel Eberly, Eberly Systems President & Founder. “ The integration of LYLAB Technology Solutions into Eberly Systems solidifies our commitment to providing small businesses with unparalleled service and support. We’re proud of this new opportunity to carefully design and manage the IT infrastructure and systems of even more local businesses and communities.” The acquisition solidifies the Eberly Systems commitment to supporting businesses in Lebanon County. Merging the two teams together as one entity offers the collective team the benefit of enhancing capabilities, refining processes, and extending reach to better serve the evolving needs of small businesses in the surrounding area. Future plans include expanding their presence into Lancaster County.

Navigating Small Business Success: The Power of IT Outsourcing for SMBs

By Eberly Systems • 16 Jan, 2024

A trusted MSP can be your invaluable strategic partner.

Enhancing Business Security and Productivity with Microsoft Office 365

By Eberly Systems • 02 Jan, 2024

These 5 key features of Office 365 Business Premium make it essential for businesses to have.

Key Notes from the Security Team: Q4 2023

By Eberly Systems • 19 Dec, 2023

Eberly Systems has been hard at work over the last year in a concerted effort to enhance the security posture of our clients’ information technology environments. Here are the quarterly updates.

Customer Success Story: Construction

By Eberly Systems • 03 Jul, 2023

After years of steady growth, the workforce at a construction development and property management company was becoming increasingly frustrated by disorganized data. Eberly Systems deployed a hybrid cloud storage solution for efficiency and secure data access.