Apple TouchID has completely changed my expectations of how security should work on my mobile phone and I don’t doubt it will change other people’s as well. And very quickly.
I’ve become converted to TransferWise for sending money between my UK and US bank accounts. It’s a great service and I like their app. But I had a bit of a shock when I last opened my TransferWise app…
Great, I thought, and carried on without paying much attention. What had happened, of course, was that the iOS 8 version of the app used TouchID because Apple opened the API up for developers and now they can take advantage of it. The very next app I opened was the Telegraph Fantasy Football app.
I was infuriated by this and so couldn’t be bothered any more. And afterwards, I couldn’t help but reflect on how quickly this had happened. A couple of days after installing iOS 8 and already I can’t be bothered to use apps that make me enter a username and password. Interesting, I thought, but put the thought to one side. Then, later in the day, I went to check a personal e-mail account…
I forgot that Google made me change my e-mail password and I couldn’t remember what I’d changed it to. And then I thought: screw this, I can’t be bothered. It’s getting worse. I’ve been getting more and more annoyed all day. I tried to upload a photo to our corporate Flickr account…
Here’s what should have happened, of course. I go to the Flickr site and select “Apple ID” or whatever. Since Safari knows what my Apple ID is, Apple can send a message to my iPhone to pop up a screen telling me that Flickr wants to authenticate and asking me to use TouchID. My fingerprint is recognised and – hey presto – I am automagically logged in to Flickr.
There are two reasons why this is such a huge step forward (even though, in security terms, the fingerprint authentication is not the most secure of all possible mechanisms). The first is that it means old and forgetful people like me don’t have to remember passwords any more. The second is that I don’t need to use two hands to log in, which I normally do with a username and password (because I transfer the phone to my right hand and type with my left, or alternatively type slowly and frequently inaccurately with my left thumb). I was playing with a prototype that our HyperLab guys built for another project last week and it was similarly easy to use the built-in TEE FIDO client on the Samsung S5 with fingerprint authentication, delivering a standard authentication infrastructure that means real convenience. I think this is going to spread quickly.
I say that because I was completely unprepared for how quickly I have become frustrated with apps that use “conventional” authentication. It’s only a matter of time before I simply will not bother with any that stay with it. This is one of the issues that I expect to see covered in the fantastic session on Mobile Identity and Security that I will be moderating at Money2020 this year (Tuesday 5th November, Track 4, Session 6). I lucked out and got a superb panel to discuss this crucial field:
- Yishay Yovel – Software Group, Security Systems, IBM;
- Rodger Desai – CEO, Payfone;
- Ben Cade – CEO, Trustonic; and
- Chirag Bakshi – CEO, Zumigo.
What a great lineup. Look forward to seeing you all there!