A take on pragmatic security and Face ID

Security in today’s world is challenging to implement without making it a matter of privacy or ridiculously difficult for the end user. Passwords, PINs or Memorable Words? While many service providers implemented a multi-step verification system, it is still far from perfect. Troy Hunt, in his recent article nicely explains this:

here’s the problem with multi-step verification: it’s a perfect example of where security is friction. No matter how easy you make it, it’s something you have to do in addition to the thing you normally do, namely entering a username and password. That’s precisely the same problem with getting people to put PINs on their phone and as a result, there’s a huge number of devices out there left wide open.

Anecdotally, I have friends working in hotels and you won’t believe how many people who forget their phones don’t even have a passcode.

I found one survey from 2014 which said 52% of people have absolutely nothing protecting their phone. Another in 2016 said the number is more like 34%. Keep searching and you’ll find more stats of wildly varying values but the simple fact remains that there are a huge number of people out there with no protection on the device at all.

Systems like TouchID and now FaceID make this friction go unnoticeable. Over the past couple of weeks we had many people and news outlets lay their opinions and concerns with where technologies are headed. It’s particularly easy in the the machine learning and artificial intelligence space to exaggerate the outcome, but at the same time I understand where these concerns are coming from. I believe it’s great that we’re having a discussion about the implications of such technologies. We had them 4 years ago with Touch ID and we are having them now. But there is no reason to fear monger the whole world, serving Black Mirror style  stories.

How well and consistent Face ID will is yet to be reported. But if there is a company who can get it right, then that is Apple. Stay secure.

Face ID, Touch ID, No ID, PINs and Pragmatic Security →

Leave a Reply

Your email address will not be published. Required fields are marked *