Apple wants to replace all passwords with biometrics

[Rruchi man]

People should be given the option to use the classic ways to protect their accounts or choose the biometric option - because if Apple thinks everyone is so naive as to use simple passwords that you can guess, I say there are people who know how to protect themselves well without biometrics.

The freedom of having options to pick from should not be taken away. The insecurity and vulnerability that they are seeking to eliminate will always exist, users have a special role to play in safety of their device/account.

There are many disadvantages to choosing biometric technology alone, I recently got burnt trying to carry a hot pot from the fire with my bare hands, it caused a nasty injury on my thumb which happens to be the only finger I registered as a biometric pass into my mobile device, because the injury affected my fingerprint pattern temporarily, I experienced some challenges trying to access my phone. If I had not set up ''password access'' as a fail safe, I wonder what I would have done and how I could have accessed my phone.

Biometric access which largely depends on physicality's like your face and fingerprint cannot be depended on alone because they do not account for cases of accidents where a victim may loose access to their device/account because of a lost limb(arm) or a face disfigured by accident. And what of a situation where some individuals need access to your device/account. It will be easier for them to tie you to up and forcefully use your biometric details (face or fingerprint) to access your device without your cooperation than for them to gain access when your password is not just biometrics.

The assumption that apple is building on that people do not have very secure passwords hence trying to make biometrics their best and only option should not be accepted. The freedom to choose should not be taken away.

[1714896793]

1714896793

[1714896793]

1714896793

[1714896793]

1714896793

[1714896793]

1714896793

[Zlantann]

This innovation is welcoming because it would indeed improves the security of Apple devices. But I think it should be optional and not a compulsory requirement to own an Apple device. I have experience diverse issues using fingerprints and facial ID that my best security option is using password. Transferring one's personal data to a company is riskier than password. With passwords I have the sole responsibility of protecting my password but with biometrics I have transferred my security to a company. For me, my trustworthy wife knows the passwords to all my devices because of uncertainties. If biometrics is the only option, how would the device be unlocked in case of death, accidents that effects the face or hands or in case of other emergencies?  

[so98nn]

Most of the age groups are familiar with the biometrics these days and also in all android users are way more than apples users. However, Android has smoothly implemented their biometric logins on all the smartphones.

So this feature is further integrated with all the apps on the play store (same goes for iOS App Store) wherever login credentials are required it can be replaced with face or fingerprint recognition.

I think we are already one step closer to what Apple is dreaming. It won’t be big deal for them.

Even banking apps / Unified Payment System apps use this feature.

[doomloop]

Apple's shift towards biometric based passcodes trends in the opposite direction. It limits their userbase by hardware support. Fewer end users have facial or fingerprint recognition to support the system.

Over the years there have been many successful attempts to fool fingerprint scanners. Biometrics certainly are not foolproof or hack proof.

Does anyone think this will succeed?

This wasn't a new thing but we already have these types of security before and I think that many people don't prefer them but they still prefer the old school way of accessing their device and that is the password and the 4 digit pin. The reason why is the device sometimes doesn't unlock in fingerprint and facial recognition because your face looks different sometimes and your fingers are sometimes wet or sweaty.

If fingerprints can be bypassed then there's a chance that facial recognition can be bypassed as well. There is no safe anymore in this world. I think the only thing we can do is don't store all your funds or important data's on your phone. Just in case it'll be accessed by an unauthorized person.

[Johnyz]

I agree that biometrics isn`t perfect decision, there are also problems with it, apple just need to do smth, so they do it, but I am not sure it will be popular among users

We can’t expect a perfect system right away, most probably problems will still occur but the whole idea and concept of using biometrics is amazing, the future is still bright for us and hopefully they can work on this perfectly so we can expect a more secured way of having an accounts. This is a good innovation, many will surely adopt with this once its out in the market.

[goaldigger]

Over the years there have been many successful attempts to fool fingerprint scanners. Biometrics certainly are not foolproof or hack proof.

Does anyone think this will succeed?

There are issues before but maybe this time, it will work better since it will serve different purpose and seriously with the technology that we have right now, we might really end with this kind of system. I’m an apple user and I’m willing to give this a try as apple continues to work with other companies as well, this can be a good security once successful after all. There will be a trial and error, let’s just hope for the best result in the future.

[famososMuertos]

This innovation is welcoming because it would indeed improves the security of Apple devices. But I think it should be optional and not a compulsory requirement to own an Apple device. I have experience diverse issues using fingerprints and facial ID that my best security option is using password. Transferring one's personal data to a company is riskier than password. With passwords I have the sole responsibility of protecting my password but with biometrics I have transferred my security to a company. For me, my trustworthy wife knows the passwords to all my devices because of uncertainties. If biometrics is the only option, how would the device be unlocked in case of death, accidents that effects the face or hands or in case of other emergencies?  

The traditional option is not lost, I think in any case it is a question of the ToS (Apple).

By the way, this is is a really old technological system (it seems recent) but not , it has taken a long time to be of frequent use, but it has more and more "fashion" for its implementation in cell phones, who are really making it more frequent.

Your question in any case seemed interesting to me and although it is not specifically related to Apple I would like to share this link.
^{Will Fingerprint Work After Death?:https://newspatrolling.com/will-fingerprint-work-after-death/}

[Welsh]

Apple has never been known for its security to be fair. More about collecting data, same as Google, actually come to think of it, every company out there. Since, data makes money. Security, doesn't necessarily do so.

Do I think it'll pass? Maybe, not right now. However, it has come quite clear that in modern times we're getting lazy, and therefore we seek out convenience over security. Therefore, biometrics actually appeals to the vast majority of their network. So, yeah I do think biometrics will eventually become the standard.

However, I imagine they'll keep the optional passwords. If not, they'll likely be met with laws that make it compliance to offer the option. EU in particular is quite strict on these sort of things, I believe they recently passed the requirement for all Apple phones to require USB C rather than their own connector.

[bitzizzix]

Biometrics are just as effective as passwords, but for security there are special features like those found in Apple's biometric sensors. That is, it will not work if the subject dies.
and the mechanism can be said to be difficult, there is a weak current sensor that distinguishes living and dead body tissues. What is clear, surely the price of research and production is expensive.
If commonly used biometrics are relied on as privacy protections, then the vulnerability of crime increases, perpetrators could cut a finger or kill to forcibly unlock on condition that the account holder refuses to log in although it is unlikely, but reasonable if possible. something.
and on the other hand it is very dangerous in terms of cybersecurity, because if our data is hacked then hackers can ensure the validity of our data very accurately because biometric login and lock out activities can only be carried out by the subject recognized by the device.
There will be good and bad sides depending on who uses it whether it is important or not and whether we have to keep something valuable in it.

[Paul Pogba]

Security issues are increasing because more and more data theft, this has become the most important thing for many companies so that various ways are done to ensure data security, what Apple is actually doing is not the first idea, because I've heard many companies have ideas for security, namely by biometrics for PIN or password.

[South Park]

This should succeed in the future since this is the only solution to secure accounts compared to using a password that is vulnerable to any attacks like phishing, brute-force attacks and etc...

Biometrics is already been tested for many years not just on Apple devices but also on Android devices. I have my phone not apple but Samsung the Iris scanner for my pattern or passwords looks the best Biometrics that I have ever experienced.
 
But I hope they don't totally remove the password login because if the owner or a user accidentally has a broken/missing finger or had scars on their face they can't easily access their account and it may become an unrecoverable account.

So owners/users should still have an alternative way to log in like passwords or recovery seed for emergency cases.

Without a doubt those which have no problems with a private company having all their biometric information or that are not worried about such information getting leaked are free to use a service like that, however the issue is that now it seems passwords are not going to be an option in the future, when passwords have many advantages, not only they can be incredibly secure you can use a lot of them which means that if one account is compromised you only lose whatever was in that account and not everything as it will be the case with biometrics.

[Pomogator]

Despite of biometrics solutions being better than passwords, they are still vulnerable to theft of data, the biometric information can be stolen.
I'd rather an approach where people started to use universal small cryptographic devices which would work in a similar way Trezor T does to login through U2F, maybe even combine both approaches to harden the security of the accounts.

In the end, we can change our passwords but we cannot change our fingerprints, our iris or face so easily...

Indeed, it is enough that once your biometric data falls into the hands of scammers, and this is where your privacy will end. I'd rather change my password than give my biometrics to some scammer. And I'm not one of those people who put passwords like 12345 and so on. Crazy people. 

[mbe48]

I think it's Simple and secure by describing the Password Lock technology. A passkey increases your security by eliminating the need to store and use passwords. That's a good thing because passwords are notoriously insecure. Many people use phrases that are easy to remember and can be guessed easily. So what Apple has done is an incremental act of upgrading, then hackers will be harder to break into

[jackg]

I wonder how they plan to make the system secure against malware and similar attacks.

Isnt their system already secure enough? I havent read any news about Apple biometrics being hacked. I remember there were few cases when Apple added face id in 2017. But that these cases were exceptions and in most cases, people did not figure out till the end how system works and raised panic. Right now, Apple biometrics systems looks like most secure. If a user sets face ID security or a password, even Apple cant crack it.

I think there's less of an incentive to hack the current biometrics used though (unless you mean by bypassing them - and I think there are still vulnerabilities that are found in their login process, a 6 digit pin in fairly easy to crack though if you've got another device to host the bruteforce attack - I don't think it's possible to use biometrics as soon as you turn on most devices for example and with apple, you can't use biometrics if you've held down the power button for a long enough time to end up on the confirm shutdown screen).

Being able to get access to every account somenoe has is a lot more useful to an attacker than gaining biometric info.

[CryptocurencyKing]

What is wrong with these guys @Apple, that a user chooses what is secure for him or her and it happens to be 12344 or 123456789, what then is there concerns about it. Should they go "*÷€÷&fsjvcak÷*÷^:÷fdgebrova&"$×( only to forget it Immediately after they've created it? They ought to live users to decide what is convenient for them. Bes the know, they are offering the service and users makes use of it the way that suits best with them.

Biometrics isn't a 100% as there could be fowl play and some smarty pants will surely come up with ways to cheat the system which I think, would be all too easy compared to password combinations. Apple uses mainly passcode in place of password, they should ensure proper passwords that are supposed to be Alphanumeric.

[Hispo]

-snip-

-snip-

-snip-

Btw
Would you be okey using biometrics to lock-unlock your personal devices if your data were localy stored instead in custody of a big tech company?

_______________________________________________________________________________ _

-snip-

Privacy concerns aside, people would most likely use this feature simply because it's far easier to use and the fact that the typical person doesn't need to remember passwords. This is the main reason why these companies win a lot of users while privacy freaks are very low in population — simply because these companies know how to nail UI/UX.

That is part of the essence of human advance through history, after all: seeking comfort and ease. I'd dare to say that in the end, science and engineering ultimate goal is to put laws of the universe at the service of humanity to make our short lifespan as comfortable as possible, of course this is the ideal point of view, we know there are hidden interests and wishes for massive profits.

What i am trying to say is that Apple knows that anything that makes users lifes at least a lil bit easier has a high chance to succeed, even though, people ignore they are giving up part of their identity in exchange of saving a few seconds to type a password/use two factor authentication.

[jrrsparkles]

Biometric security actually sucks, recently I watched a video in the YouTube not sure about the device they used but it is recently launched and successful so probably Samsung if I am not wrong. While scanning the finger print in the first place we need to scan multiple times atleast 5 before setting up the finger print so they decided to scan five people's thumb for the one finger print but the result is five people managed to unlock the device with only one finger print setup.

So its less secure than passwords so don't go for it and I don't think they will enforce it completely to go with only biometric security system for their devices.

[NotATether]

...So how does it work? Passkeys replace your tired old passwords by creating new digital keys using Touch ID or Face ID, Apples vice president of internet technologies, Darin Adler, explained at WWDC. When you are creating an online account with a website, you can use a Passkey instead of a password. To create a Passkey, just use Touch ID or Face ID to authenticate, and youre done, Adler said...

One word is enough to summarize this proposal: HA!

Attempting to replace passwords with fingerprints && facial recognition is never going to succeed, no matter who tries. There will always be a voiceforous population using the devices that will never consent to using these methods of authentication for privacy or usability reasons (e.g. what happens when you're wearing gloves during winter, or sunglasses), and since Apple is the one implementing this, it's guarranteed to fail because they never look beyond their own product ecosystem.

Maybe they get a few million people to use it, but nobody is going to be able to not only force websites to implement such an authentication BUT SIMULTANEOUSLY force users to change their passwords at the same time.

Talk about a fighter jet that's blown up before it even takes off...



You want true alternatives to passwords, at least for desktop logins? Then use an adapation of SSH, a proven method of authentication (no-one has ever been able to crack a 4096-bit RSA key yet). Adapt it by putting them on USB sticks, memory cards, and other portable media with a special filesystem. Then when the device is inserted into the computer, the OS automatically sees the private key, and mashes it against the public key and authenticates you.

For added security, use modifications of seed phrases or diceware as a secondary login method, where the user can input 8-12 words words from a fixed bank of 10,000 or so words that users are advised to write down and store in a safe place like a wallet (yes this will make this login method vulnerable to theft, but it makes the most prevalent method of break-ins - remote brute-forcing - impossible! )


Last method can be ported to mobile devices, and so can the first one if such a standard is adapted to authenticate using a Bluetooth private key authentication device as well! (Just hold the device anywhere near the lock screen while pressing a certain "Authenticate" button on the key device.)

[monineklutak]

I think it's Simple and secure by describing the Password Lock technology. A passkey increases your security by eliminating the need to store and use passwords. That's a good thing because passwords are notoriously insecure. Many people use phrases that are easy to remember and can be guessed easily. So what Apple has done is an incremental act of upgrading, then hackers will be harder to break into

What Apple has done we need to appreciate and indeed there have been many cases of security using compromised passwords,
sometimes when we use phrases that are difficult to guess, things like that still happen because hackers are also very skilled at doing that

[noorman0]

What makes Apple customers confident that they can even protect themselves? especially when they are carrying their device in a semi-conscious state due to the influence of drugs and alcohol at a party, biometrics are even easier to hack imo. Instead of learning hacking techniques, you just need to learn basic pharmacy science to anesthetize Apple users.

Now with AI technology can replicate a person's face that is close to the original.