This was an “of course!” moment for me.
Yes, exactly, fingerprints are authentication, not authorization. The fingerprint is a moniker, a hash, a “true name”. In fact, it’s a pretty awesome username, because it’s hard for me to forget it.
But any biometric value is horrible for a password. Once it’s copied, I am screwed, because I can’t change it. This is why biometrics should never be used for passwords, because even if they were hard to copy (and they currently are not), you can’t change them.
Now, one big challenge is that authentication in the current parlance combines identification with proof of identification – the combination of userid and password is the authentication. So we should have three things:
- identification – who you are. Anyone can know this.
- authentication – id + password. You prove that you are you.
- authorization – authentication + rights. You can now access some specific thing.
Authorization without authentication is just “here is a set of things that anyone is allowed to access”. Public domain is a set of rights attached to the user “anyone”.
I’d love to see iOS 7.1 with the fingerprint just being the id, and then there’s still a traditional and optional password. This would be far more secure for most people, because most people don’t use a password on their phone, but it doesn’t pretend to be actually secure; you need a password for that.
Or a second phone to do the phone-in authentication to use the first one.
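The three layers listed above, as an added Python sketch that is not part of the original text: the fingerprint-derived value is only a lookup key, the password is the revocable secret, and rights attached to "anyone" need no authentication. The `Directory` class, the resource names and the fingerprint bytes are constructed for illustration.

```python
import hashlib, hmac, os

ANYONE = "anyone"  # the page's principal for rights that need no authentication

class Directory:
    def __init__(self):
        self.users = {}  # fingerprint id -> (salt, derived password key)
        self.acl = {}    # resource name -> set of principals allowed

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, fp_id, password):
        # Enrol or rotate: the id stays the same, only the secret is replaced.
        salt = os.urandom(16)
        self.users[fp_id] = (salt, self._kdf(password, salt))

    def identify(self, fp_id):
        # Identification: a claim anyone may know or present; proves nothing.
        return fp_id in self.users

    def authenticate(self, fp_id, password):
        # Authentication: id + password, compared in constant time.
        if password is None or not self.identify(fp_id):
            return False
        salt, stored = self.users[fp_id]
        return hmac.compare_digest(stored, self._kdf(password, salt))

    def authorize(self, resource, fp_id=None, password=None):
        # Authorization: authentication + rights, or rights granted to "anyone".
        allowed = self.acl.get(resource, set())
        if ANYONE in allowed:
            return True
        return fp_id in allowed and self.authenticate(fp_id, password)

def demo():
    d = Directory()
    fp = hashlib.sha256(b"constructed fingerprint template").hexdigest()
    d.set_password(fp, "old passphrase")
    d.acl = {"clock": {ANYONE}, "mail": {fp}}
    out = {"public": d.authorize("clock"),
           "id_only": d.authorize("mail", fp),
           "id_and_password": d.authorize("mail", fp, "old passphrase")}
    d.set_password(fp, "new passphrase")  # a copied secret can be revoked
    out["old_after_rotation"] = d.authorize("mail", fp, "old passphrase")
    out["new_after_rotation"] = d.authorize("mail", fp, "new passphrase")
    return out

if __name__ == "__main__":
    print(demo())
```

Presenting the fingerprint id alone never unlocks "mail", and rotating the password invalidates a copied one while the id stays unchanged.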