Using your physical characteristics like retina or thumbprint to unlock a phone is really just the tip of the iceberg when it comes to this emerging technology.
The iPhone 4 was the first Apple device to use a fingerprint as a password [1]. While Apple calls this technology “Touch ID” [1], this is what’s known in academia as a biometric authenticator. This device made biometric authentication mainstream when it was released in September 2013 [2], but the theory existed in pop culture as early as 1968 [3]. This form of technology security has been present on five Apple devices since 2013. Different forms of biometric authentication are on the verge of changing the way modern technology users think of passwords.
A fingerprint used as a password is only one form of a biometric system. A biometric is better known as a measurable biological characteristic that can be used as a marker, such as a fingerprint, retina scan, keystroke pattern, vocal cord pattern [4], heartbeat [5] or behavioral attribute [6].
A behavioral attribute is the way a user interacts with a tool or program. The pattern a user uses in an application can be used to verify that the user is the owner of a device and therefore unlock other applications. This form of verification, like analyzing a fingerprint, is biometric authentication.
Before this technology was on smartphones, it existed in television, movies and other consumer-grade devices. In film, voice recognition was used as a password in 2001: A Space Odyssey (1968) and fingerprint scanning was used as a password in Back to the Future II (1989) [3]. In more recent history, IBM first released a laptop with a built-in fingerprint scanner to the market in 2004 [7].
Pixar’s The Incredibles (2004) referenced biometric authentication in a scene where a character used a retina scan as verification. This technology can be directly attributed to John Daugman.
Daugman developed a system in the 1980s that creates an algorithm from the image of a human retina and compares it against a library of other retinas for matches [8]. Daugman graduated and received his doctorate from Harvard University and is a lecturer at the University of Cambridge [9]. The retina scan uses 255 data points for verification, compared to a standard fingerprint scan that uses 70 points [8].
Using biometrics as a form of authentication is innovative because the standard user verification method is using a memorized password. As more processes become digitized, like fitness tracking, storing personal video and picture files, banking, personal communication and similar private actions, the incentive to crack passwords increases.
Even passwords thought to be strong should be changed frequently and not written down [10]. When a user is held responsible for dozens of passwords they need to constantly update for them to remain strong, many will choose to write them down instead of memorizing them, undoing some of a password’s perceived strength [11].
The Real Big Deal
Not having to memorize a password and using either retina scanning or behavior tracking lifts a burden from users and leads to innovation. Instead of using a password to unlock a smartphone, a user could instead interact with a biometric daemon [6]. A biometric daemon is an application that has a familiar that the user interacts with.
For example, the daemon could be represented as a cartoon cat. Whenever a user picks up their smartphone, they are presented with multiple creatures, and how they proceed in this scenario helps the program recognize the user. One of these creatures will be the cartoon cat, which the user regularly interfaces with in a specific manner. Perhaps the user always taps the top of the cat’s head when they are waking up their phone.
After developing a rapport and pattern of behavior with their biometric daemon, the program can recognize different users.
The Briggs and Olivier article outlines a form of biometric daemon that a user first nurtures and imprints upon when they set up their program, and those behaviors are stored by the daemon. When the user is not actively interacting with their daemon, such as when they are at school, the daemon can assess the local network and become familiar with what other daemons or devices are in the area. This assessment helps the daemon recognize when it needs to become aggressive and test the user to see why they are in a strange location.
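The behavior described above (imprint a habit, recognize it later, become stricter in unfamiliar surroundings) can be sketched in code. This is an added example, not code from the Briggs and Olivier article; the tap features, the z-score thresholds, the device names and every function name are assumptions made for illustration.

```python
from statistics import mean, pstdev

MIN_SPREAD = 0.02  # assumed floor on spread so a very consistent user is not locked out

def enroll(samples):
    """Imprint: samples are (x, y, delay_s) taps on the familiar, x/y scaled to 0..1."""
    return [(mean(col), max(pstdev(col), MIN_SPREAD)) for col in zip(*samples)]

def deviation(template, tap):
    """Largest per-feature z-score between a new tap and the imprinted habit."""
    return max(abs(v - mu) / sd for v, (mu, sd) in zip(tap, template))

def familiarity(known_peers, visible_peers):
    """Fraction of devices currently in range that the daemon has met before."""
    if not visible_peers:
        return 0.0  # nothing recognizable nearby is treated as a strange location
    return len(known_peers & visible_peers) / len(visible_peers)

def policy(fam):
    """Strange surroundings make the daemon 'aggressive': tighter match, more rounds."""
    return (2.0, 3) if fam < 0.5 else (3.0, 1)  # (max z-score, taps required)

def verify(template, known_peers, visible_peers, taps):
    limit, rounds = policy(familiarity(known_peers, visible_peers))
    if len(taps) < rounds:
        return "challenge"  # test the user with another interaction
    ok = all(deviation(template, t) <= limit for t in taps[:rounds])
    return "unlock" if ok else "deny"

# Constructed sample data: the owner habitually taps the top of the cat's head.
ENROLLED = [(0.50, 0.20, 0.80), (0.52, 0.22, 0.90), (0.48, 0.18, 0.70),
            (0.51, 0.21, 0.85), (0.49, 0.19, 0.75)]
KNOWN = {"home-ap", "laptop", "school-ap"}        # devices seen while idle
HOME = {"home-ap", "laptop"}                      # familiar surroundings
CAFE = {"cafe-ap", "unknown-phone"}               # strange location
TEMPLATE = enroll(ENROLLED)

if __name__ == "__main__":
    usual, sloppy, stranger = (0.51, 0.21, 0.82), (0.55, 0.20, 0.80), (0.70, 0.60, 0.30)
    print(verify(TEMPLATE, KNOWN, HOME, [usual]))      # habit matches at home
    print(verify(TEMPLATE, KNOWN, HOME, [stranger]))   # wrong habit
    print(verify(TEMPLATE, KNOWN, CAFE, [usual]))      # one tap is not enough here
    print(verify(TEMPLATE, KNOWN, CAFE, [usual] * 3))  # passes the extra rounds
    print(verify(TEMPLATE, KNOWN, CAFE, [sloppy] * 3)) # tolerated at home, not here
```

The same slightly off tap is accepted in familiar surroundings and rejected in a strange one, which is the trade-off the daemon makes between convenience and false accepts.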
Different forms of biometric authentication are on the verge of changing the way modern technology users think of passwords, simply because users will no longer have to think of their passwords. The user interacting with the application is the password.
[1] “Use Touch ID on iPhone and iPad.” Apple Support. Apple, n.d. Web. 01 Dec. 2014.
[2] Bhasin, Kim. “How To Get An iPhone 5S On Launch Day (No Guarantees).” The Huffington Post. TheHuffingtonPost.com, 19 Sept. 2013. Web. 01 Dec. 2014.
[3] “Biometric Locks in the Movies.” GoKeyless Blog. N.p., 23 Nov. 2011. Web. 01 Dec. 2014.
[4] Kay, Russell. “Biometric Authentication.” Biometric Authentication. Computerworld, 4 Apr. 2005. Web. 01 Dec. 2014.
[5] Basulto, Dominic. “The Heartbeat vs. the Fingerprint in the Battle for Biometric Authentication.” Washington Post. The Washington Post, 21 Nov. 2014. Web. 01 Dec. 2014.
[6] Briggs, Pamela, and Patrick L. Olivier. “Biometric daemons: authentication via electronic pets.” CHI’08 Extended Abstracts on Human Factors in Computing Systems. ACM, 2008.
[7] Germain, Jack. “IBM Introducing Fingerprint Reader into Laptop.” IBM Introducing Fingerprint Reader into Laptop. Tech News World, 04 Oct. 2004. Web. 02 Dec. 2014.
[8] Donnelly, Sally. “Your Eyes Can Tell No Lies.” Time. Time Inc., 18 Nov. 2001. Web. 02 Dec. 2014.
[9] “John Daugman.” American Scientist Online. American Scientist, n.d. Web. 02 Dec. 2014.
[10] Florêncio, Dinei, Cormac Herley, and Baris Coskun. “Do strong web passwords accomplish anything?” HotSec 7 (2007): 6.
[11] Yan, Jianxin, et al. “The memorability and security of passwords: some empirical results.” Technical Report-University Of Cambridge Computer Laboratory (2000): 1.
This piece was originally done as a homework assignment.