iOS And Internet Identity

In the past year, based on hacking incidents at several sites, I’ve had to change and strengthen my passwords.

Just now I had to log into a service and was reminded at how bloody long I had to make the password. It now takes a few seconds to type it on a conventional keyboard — more seconds if I wind up making a typo, which I sometimes do.

I was wondering how I’d handle that on the glass keyboard of a tablet. And if people find it frustrating when using an iPad or iPhone.

Which made me wonder, given all the talk of Twitter being a new form of Internet Identity because of its integration into iOS 5, why the iPad and iPhone don’t do identity differently.

Most corporate notebooks have fingerprint scanners in them. I’m not sure Apple would want to go to that additional expense.

All their devices have front-facing cameras, however. Why couldn’t Apple devise software that would algorithmically recognize a face and use it as a password? Would that be possible? There have been some notebooks that have had this feature. But only Apple could popularize it — and probably do it right too.

I just don’t want to face a glass keyboard with these damn long passwords I’ve had to create and memorize.

PS: Yes, I know there are password managers and the like. But every device and every bit of software can be hacked. When it’s stored in my head, it’d take in-person physical torture to get it out of me, not some clever bugger I’d never see at a keyboard in some distant location.

Advertisement

4 Comments

Filed under Apple: The Company, Friction, iOS

4 responses to “iOS And Internet Identity

  1. I have a system that I use that leads to strong passwords. Yes, it’s annoying on an iOS touchscreen. Especially since you have to switch keyboards if you have numbers or special characters in your passwords (and you should). But even more annoying is that Apple forces you to have at least on capital letter in your iTunes password. My system is secure, but it relies on all lowercase letters. So now I have to remember that uppercase letter every time I install a new app or run updates.

  2. Jon

    It’s not drowssap (password backwards) is it?

  3. I did some research on user identification and authentication in my previous job related to identifying viewers watching a television program. We were not particularly concerned about the security issue, but rather with the reliable identification of individuals.

    As I recall, Apple has already applied for some interesting patents on mechanisms to identify users of handheld devices like iPhones and iPads. A quick search turned up these, which I remember having seen at the time:

    HAND HELD ELECTRONIC DEVICE WITH MULTIPLE TOUCH SENSING DEVICES

    SYSTEMS AND METHODS FOR IDENTIFYING UNAUTHORIZED USERS OF AN ELECTRONIC DEVICE

    There may have been some more, but I’d have to refresh my memory on that point. The first patent involves using sensors to perform hand recognition to identify the user and customize the interface to his preferences, and the second one has several claims related to using voice, photo and heartbeat recognition for identification.

    Of course, filing a patent doesn’t mean that Apple is definitely planning to deploy the technology, but it would make sense to use built-in sensors for this kind of thing.

    In my work, since we weren’t worried about security, obvious tricks like using a printed photo of someone to foil the picture recognition were not an issue for us. However, we were concerned about reliable identification in low-light conditions and when the person was viewed in profile or in a horizontal position, such as reclining on the couch. Those wouldn’t be a problem for Apple in this case, but as you say every device and every bit of software can be hacked.

    Like you, I prefer systems that require information that only I can provide. Some of the most interesting ones involve things like image recognition, which is easy to do on a touchscreen device and could eliminate the need for complex passwords. Here is a video showing how such technology might work. I don’t know the details about the solution from Confident Technologies. This is just an example, but I hope we will see some solutions like this to replace entering passwords on touch devices, because it really is a pain–so much so that it’s easy to just stay logged in to services all the time or use a token to avoid having to type passwords over and over. Of course, that just increases the risk of having a problem if the phone is lost, stolen or otherwise accessed by someone with bad intentions.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s