Apple is Leaving Money on the Table
Does Apple have a chance to turn Touch ID into an authorisation product in its own right?
A report claims 60% of employees would like to use Face ID and Touch ID to replace their existing at-work authorization services.
These insights come from a report called, Facing a Future Without Passwords. There’s lots of interesting data there, but for me the headline feature has to be how much employees want to be able to use biometric authentication to replace passwords.
The report claims: “Sixty percent of employees would prefer to use Face ID or other similar facial recognition systems over alternative authentication methods.”
Not only this, but Apple’s Touch ID is even more popular when it comes to replacing passwords. “Eighty-six percent would prefer touch ID and 72% would prefer Face ID over work-related passwords,” the report claims.
No one wants the hassle
Many existing authorization systems are a little unwieldy. That’s not really a problem – when dealing with sensitive enterprise data any company has a right to secure its digital property any way it sees fit.
It is interesting that 84 percent of employees are asked to replace their work-related passwords every four months or less, which is good practise, but in reality, most employees have at least three work-related passwords and 65 percent of them forget a password every six-months.
However, the risk when deploying an unwieldy authorization system is that employees tend to cut corners when using them. Think: identical passwords, guessable passwords and weak security practises.
Weak security implementation within complex systems is endemic the report claims.
As many as 39 percent of employees in government and the public sector write their passwords down on paper notes, for example. Not only this, but five percent of employees have apparently entered a work-related password in a fraudulent form or webpage).
An Apple opportunity
Apple has impressed the public with Touch ID, so much so that most people seem prepared to embrace Face ID, once they get lucky enough to get to an iPhone X.
That’s a testament to Apple’s commitment to security and privacy, and to the essential efficiency of Apple’s system when compared to others in the market. While Touch ID is trusted by 76 percent of workers, Face ID is trusted by 70 percent.
Apple has an opportunity here. It’s on the way to embracing that opportunity, of course: it offers APIs developers can use to implement its biometric authorization systems in its products, giving it yet another strong argument to scoop up sales in the enterprise space.
After all, if the enterprise can create its own custom iOS app that implements security functions like identity and access management, location controls and biometric authorization it can deliver powerful mobile enterprise solutions to its employees.
It’s a win-win for workers, too, as all they then need to remember is their complex alphanumeric passcode to seal the protection. (Enter it once and use Touch ID or Face ID for the rest of the day). Apple’s system reduces ID friction.
The limitation, at least in terms of where Apple can travel with this system, is that it is presently available only via Apple’s own products. It seems to me that there must be some way in which it can implement its biometric protection as a cross-platform offering. I imagine a standalone connected device of some kind. (The Touch ID sensor in the new MacBook Pro is its own mini-iOS system, for example). I once speculated that Touch ID could replace an ignition switch in smart cars, for example.
I don’t anticipate Apple will offer such systems, at least for a while. Not only would it open a can of worms in terms of proofing its systems against hacks rendered possible by weaknesses in systems it has no direct control of, but it seems a little inelegant.
However, I can easily imagine enterprises developing their own authorization systems based on Apple’s as they enterprise mobility continues to coalesce around iOS, iPad, and iPhone. I sense a particular opportunity, too, for Apple Watch here.
That’s certainly what the company behind the report anticipate:
“The results demonstrate the need for organizations to seriously consider the impact Face ID will have on their security environment and explore how they can leverage the technology both as a second-factor authentication measure, as well as a way to replace passwords altogether, because that is where we are headed,” said Raz Rafaeli, CEO of Secret Double Octopus.
Meanwhile, Apple has yet another opportunity it may one day choose to explore.