Friday, June 10, 2016

Editorial: Future improvements and implementations of Touch ID I would like to see


Passwords are horrible. They were fine way back in the days when we only needed a handful of them, but these days you need a password to do everything from transferring photos from a camera to an iPad through to ordering a pizza. We probably each have hundreds of the darned things.

And passwords are especially horrible on iOS devices – where we have to switch an on-screen keyboard between letters, numbers and symbols multiple times to type a single password. That’s a problem that ought to have been almost completely solved by Touch ID – yet that’s not the case. Hopefully with WWDC 2016 coming this Monday, June 13th at 10AM PST (1PM EST), my hopes will come to fruition.

Keychain and password managers help with websites but they are still not a 100% reliable way to login – and these days it’s often apps, rather than websites, to which we need to login.

Some apps support Touch ID, of course. I can remember breathing a sigh of relief when my small town credit union did. Instead of having to type random characters from my password and then answer a security question but now I just put my thumb on the sensor and I’m in.

But many apps still don’t. Implementing Touch ID in an app isn’t difficult, yet a great many developers haven’t bothered. Indeed, as with 3D Touch, not even Apple has implemented it fully in its own apps.

It’s only in iOS 9.3 that we got secure notes – and with that the ability to use Touch ID to open them. And while iOS 8 introduced the ability to hide photos, there’s no protection of that ‘hidden’ photo album. Indeed, if you did let anyone look through your photos, that album would be the first place anyone would look for any ‘interesting’ ones. That, surely, is the poster child for Touch ID protection in one of Apple’s own apps?

So I think there are three things Apple needs to do to realize the full potential of Touch ID.

First, fully implement Touch ID in its own apps. While Touch ID protects the device as a whole, it’s not unusual for people to allow family and friends to use it – including kids. There may be plenty of sensitive data on an iPhone besides hidden photos.

Find My iPhone is a case in point. If you’re already signed-in, anyone using your device could use it to remotely wipe any of your other devices. Anyone have any teenage kids who might think that was amusing? Find My Friends, too – the whereabouts of your family members and friends isn’t something you’d necessarily want available to anyone with access to your phone in general.

Mail is another example. If you have multiple accounts, you may well want to protect access to one or more of them. Same with Messages – if a friend has texted you their bank details to allow you to pay for something you’ve bought from them, you’ll probably want to keep that thread secure.

The Health app, too. Body measurements are something people may wish to keep to themselves. I’m sure there are other examples, but you get the idea.

Second, make it an iTunes review requirement for any third-party app with a login for it to offer Touch ID as an option. Not everyone will choose to use it – you may, for example, use a single app with multiple accounts – but it should always be an option.

Third, go one step better than this: provide system-level app-locking as an iOS feature. In that way, users could choose to use Touch ID to protect any app – Facebook, Twitter, Google Authenticator, you name it. If Apple then passed that login confirmation to the app, the app would also know it was ok to login users automatically. (Again, you want a setting for this, for apps where people have multiple accounts.)

Implementing these three features would be a win-win for Apple and its customers: increasing the security of the devices, while at the same time making many apps more convenient to use.

No comments:

Post a Comment