Leveraging Apple's Touch ID

Apple recently announced its "Touch ID" feature, drawing reactions that range from consumer excitement to the fear that a severed finger is the next authentication bypass vulnerability we should all worry about. This is, of course, a big step for biometric technology adoption, as Apple has the user base to take this feature from a gimmick to a daily reality for millions. Certainly there will be ongoing concerns about privacy until further technical details are provided about how fingerprint data is being handled and stored. Despite all of the concerns, users want to know when their favorite applications will leverage this new technology.

It's important to note that this new feature has been held back from developers for the near term. Since Apple is releasing this technology for the first time and security concerns are reasonably at the top of everyone's mind, it's sensible for Apple to vet this technology further before every app under the sun starts integrating it. This also gives hackers a while to look for vulnerabilities and determine how well this data is being handled by Apple before we all start handing out fingerprints to our phones.

We look at technologies like on-device fingerprint readers as a way for the user to authenticate to their device (user-to-device), and at our mobile application as the bridge that authenticates the device to Duo's service (device-to-Duo) and the associated integrations. Our service and mobile app will opportunistically take advantage of any security features on the mobile device, including PIN/pattern locks, face unlock, fingerprint readers, etc. So while all iOS developers are on hold from actually leveraging this new technology for now, we're constantly evaluating the technologies that are available to help increase the security and experience of our offerings.

Mark Stanislav

Director of Security Engineering

Mark Stanislav is the Director of Security Engineering for Duo Security. Stanislav has spoken internationally at over 100 events, including RSA, DEF CON, SOURCE Boston, Codegate, SecTor and THOTCON. His security research and initiatives have been featured by news outlets such as the Wall Street Journal, the Associated Press, CNET, Good Morning America and Forbes. Stanislav is the author of the book Two-Factor Authentication. Stanislav holds a BS in networking and IT administration and an MS in technology studies focused on information assurance, both from Eastern Michigan University. During his time at EMU, Stanislav built the curriculum for two courses focused on Linux administration and taught as an adjunct lecturer for two years. He holds CISSP, Security+, Linux+, and CCSK certifications.