A lot has been said in the just-over-a-day since Apple unveiled the new iPhone 5S with their new Touch ID fingerprint sensor.
Let's take a look at what we know so far: A lot of people online are saying that Apple's implementation of Touch ID is something new and fresh, and likely hard to defeat. I don't believe this is the case, and based on a lot of comments I'm seeing online on stories, they're missing something critical here:
Apple did not announce the ability to scan sub-dermally. They announced the ability to scan sub-epidermally. What's the difference, you might ask?
Let's take a look:
Apple stated both in the keynote and in the related Touch ID videos that the sensor scans sub-epidermally, not sub-dermally. Does this mean they're only scanning inside the epidermis? That is exactly how a capacitance scanner works - it detects the very minute capacitance differences in the epidermal layers based on the ridges of your fingerprint. The ridges of your fingerprint are ever-so-slightly thicker than the valleys, which makes them vary in capacitance enough to detect.
On the Touch ID video, Dan Riccio, Senior VP of Hardware Engineering, said quite succinctly: "The sensor uses an advanced capacitance sensor to take, in essence(emph. added), a high resolution image of your fingerprint from the sub-epidermal layers of your skin.
Further in the video, we are told that: "...it (Touch ID) categorizes your print by one of three basic types: arch, loop or whorl." Nothing new or particularly exciting here. This is how your typical capacitance sensor works. No subdermal scanning.
Phil Schiller's portion of the keynote said quite clearly that they're using sub-epidermal scanning... not sub-dermal. Was this intentional? Apple doesn't usually goof on this stuff.
Finally, I've seen this image all over the 'net in the past day: Nothing like a little anthropomorphizing meme to get the laughs, right?
According to Apple - this is patently impossible. According to the keynote, the fingerprint data is stored "...inside a secure enclave... inside the A7 chip."
Even if this is true, it remains to be seen if it stays that way. We know that Apple stores Siri searches at their data center for up to two years... would it take much of an OS update to start sending your fingerprint data as well? Let's not forget that if the NSA decided to send Apple a National Security Letter compelling them to turn over that information, we'll likely never know about it... Apple's top brass can't pull a Ladar Levinson/Lavabit and pull the plug; they have shareholders to answer to.
Now, notwithstanding all of this, while it appears that Apple's initial implementation of Touch ID is simply a convenience tool, one that eliminates the need for consumers to enter either an easy-to-guess or hard-to-remember passcode, the wide-scale implementation of a biometric authentication device on this scale, coupled with Apple's famous attention to ease-of-use interface design, means that we may be on the cusp of finally moving away from simple single-factor authentication into multi-factor authentication.
And in my opinion, anything that expands our discussion on moving away from single-factor authentication is worth all the media attention. Kudos to Apple for putting such focus on it.