Fingerprints and Authentication

Dustin Kirkland wrote an interesting post about fingerprint authentication [1]. He suggests using fingerprints for identifying users (NOT authentication) and gives an example of a married couple sharing a tablet and using fingerprints to determine who’s apps are loaded.

In response Tollef Fog Heen suggests using fingerprints for lightweight authentication, such as resuming a session after a toilet break [2].

I think that one of the best comments on the issue of authentication for different tasks is in XKCD comic 1200 [3]. It seems obvious that the division between administrator (who installs new device drivers etc) and user (who does everything from playing games to online banking with the same privileges) isn’t working, and never could work well – particularly when the user in question installs their own software.

I think that one thing which is worth considering is the uses of a signature. A signature can be easily forged in many ways and they often aren’t checked well. It seems that there are two broad cases of using a signature, one is to enter into legally binding serious contract such as a mortgage (where wanting to sign is the relevant issue) and the other is cases where the issue doesn’t matter so much (EG signing off on a credit card purchase where the parties at risk can afford to lose money on occasion for efficient transactions). Signing is relatively easy but that’s because it either doesn’t matter much or because it’s just a legal issue which isn’t connected to authentication. The possibility of serious damage (sending life savings or incriminating pictures to criminals in another jurisdiction) being done instantly never applied to signatures. It seems to me that in many ways signatures are comparable to fingerprints and both of them aren’t particularly good for authentication to a computer.

In regard to Tollef’s ideas about “lightweight” authentication I think that the first thing that would be required is direct user control over the authentication required to unlock a system. I have read about some Microsoft research into a computer monitoring the office environment to better facilitate the user’s requests, an obvious extension to such research would be to have greater unlock requirements if there are more unknown people in the area or if the device is in a known unsafe location. But apart from that sort of future development it seems that having the user request a greater or lesser authentication check either at the time they lock their session or by policy would make sense. Generally users have a reasonable idea about the risk of another user trying to login with their terminal so user should be able to decide that a toilet break when at home only requires a fingerprint (enough to keep out other family members) while a toilet break at the office requires greater authentication. Mobile devices could use GPS location to determine unlock requirements, GPS can be forged, but if your attacker is willing and able to do that then you have a greater risk than most users.

Some users turn off authentication on their phone because it’s too inconvenient. If they had the option of using a fingerprint most of the time and a password for the times when a fingerprint can’t be read then it would give an overall increase in security.

Finally it should be possible to unlock only certain applications. Recent versions of Android support widgets on the lock screen so you can perform basic tasks such as checking the weather forecast without unlocking your phone. But it should be possible to have different authentication requirements for various applications. Using a fingerprint scan to allow playing games or reading email in the mailing list folder would be more than adequate security. But reading the important email and using SMS probably needs greater authentication. This takes us back to the XKCD cartoon.

2 comments to Fingerprints and Authentication

  • neonsignal

    I feel that a ‘signature’ is not a great metaphor for digital authentication. As you point out, the written signature had two purposes: as a statement of intent; and as a mark of identity. The second function had some aspects of authentication, but a written signature often had a wider context, perhaps including witnesses, or even a wax seal.

    In a contemporary context there are two problems with this ‘signature’ metaphor as a mark of identity.

    The first problem is anonymity; communications with strangers have become more common. What we seek is to establish trust, not necessarily to authenticate identity (at least in the traditional sense of identity as name, face, and so on). Trust comes from a series of interactions, so it is this chain of interactions that must be authenticated (eg, OTR messaging).

    The other problem, paradoxically, is lack of anonymity. In the past, a written signature was not seen by many people, and not duplicated widely. Forging signatures was like picking locks; not so hard to learn, but a risky occupation. The whole signature metaphor became obsolete when we started photocopying and faxing written signatures; they no longer served any authentication function at all. People can now find out a lot of detail about total strangers, certainly enough to impersonate them in many contexts, with a low chance of being caught.

    A better metaphor is the ‘key’. Physical keys are not linked to identity, since locks can be changed. They serve to authenticate that the person opening a lock is the one who has possession of the key, not to authenticate any other aspects of their identity.