Biometrics and Security
Last Year: Apple Pay Gives Us A Reason To Like Biometrics
I've already expressed my love for Apple Pay, a feature that lets you pay in person or online without swiping a credit card or entering a password. Instead, you press your finger against the Touch ID button found on newer iPhones and iPads, and let the whorls and loops do the work. More than just a tool for the lazy — though entire tech empires have been built on catering to laziness — Apple Pay has the potential to make whole classes of data breaches and point-of-sale scams (such as card skimmers) obsolete.
There's a larger implication, though, that involves the wider field of biometrics. Until now, there have been no truly widespread applications of biometric technology that aren't creepy — such as face recognition — or limited to law enforcement, such as DNA analysis. Apple Pay demonstrates that biometrics, when handled correctly, can actually increase privacy (by exposing less of your information to vendors).
This Year: For Passwords, the Beginning of the End
Apple may have provided the best business case for biometric technology in consumer electronics, but other forms of useful physiological authentication are coming closer to market. These range from the Nymi, a wristband that uses your heartbeat to verify your identity (the company is taking preorders) to Intel's True Key, an invite-only facial recognition app that uses a phone, tablet or computer's camera to check for your unique facial proportions. And at this year's Consumer Electronics Show, a company called EyeLock showed off a prototype of a laptop that's only accessible via iris scan.
What all of these systems have in common is a proposal — the death of the password, by any biometric means possible. Along with preventing consumers from keeping an ever-growing store of passwords, or else risk using the same ones across multiple devices and services, biometric access solutions could make many kinds of data breaches obsolete. When hackers lift a vast list of passwords, they can potentially use them to steal users' identities. But just as Apple Pay doesn't store a database of fingerprints, but rather uses that verification to create a disposable, one-time set of data for authorization, systems that verify a user's iris, hearbeat, or face wouldn't leave a trail of vulnerable data for thieves to profit from. In other words, while passwords sit around, waiting to be stolen and repurposed, biometric access creates the equivalent of self-destructing passwords, that lose their value within moments of being created.
Though none of these systems is likely to become as popular as Apple Pay in 2015, the battle lines in the field of useful, consumer-level biometrics are being drawn. And the more body parts we become accustomed to scanning, the closer we'll be to the long overdue end of the password.