Touch ID in the MacBook Pro: Passwords are passive “gatekeepers”, Touch ID can be an active “bouncer”

Though still being vetted by the public at large, Apple's Touch ID identity sensor seems to be a success based on early impressions. Most prominent reviewers have high praise for the biometrics tech included in the new iPhone 5s, after powerful initial skepticism[i]. Naturally, with such a successful launch and presumed security benefits comes speculation as to what other Apple products will get Touch ID next.

For starters, there is a lot of talk that Touch ID will be included in the iPad 5 expected to be announced this Tuesday. Of course, inclusion in the iPad 5 is a no-brainer. So it is with the iPad mini and Apple's forthcoming non-premium phone models from here on out, if not this Tuesday. This year Touch ID is a premium feature, but there will be no good argument for not securing ultra portable devices in the near future. Further, screen size will likely be the next premium feature or model separator for the next batch of iPhones released. Thus, Touch ID will be free to spread its wings. Add the fact that Apple's margins will increase with the proliferation of Touch ID, and we can bank on its inclusion in lower tier ultra portables. We can of course expect Touch ID to work in exactly the same way on the aforementioned devices as it does now on the iPhone 5s. Thus, Touch ID will be far more interesting on the MacBook Pro than it will be on these devices, at least in its functionality.


Touch ID Hardware

Let's start with where Touch ID would be placed in the MacBook Pro. My money would simply be in the glass trackpad. But where in the trackpad would it be placed? It will not be placed in the top right corner or some variation thereof, or off on its own, but underneath substantially all of the glass trackpad. One of the gentlemen from The Accidental Tech Podcast (not Siracusa) mentioned the cost-prohibitiveness of this option according to some tweet. This makes little sense. Will MacBook Pro users pay an extra $99.00 for Touch ID? Absolutely. Additionally, as stated before, the increased production of biometrics hardware will only lower Apple's production costs, meaning they will more than recoup the money for placing a Touch ID sensor underneath the trackpad even if they do not charge a premium for a MacBook Pro with Touch ID. So that's settled. We can assume that Touch ID will likely be placed underneath substantially all of the glass trackpad in the MacBook Pro. While on the subject of hardware, I see no reason why Apple cannot encrypt and securely store all fingerprint information at the hardware level, regardless of CPU.

Increased Security for Touch ID

This is where it gets interesting from a user standpoint. I imagine that Touch ID on a laptop would work, and should work, differently than it does on a phone. Our interaction with a phone is much different than that of a computer. We typically hold a phone in one hand and poke at it with a thumb, or hold it with both hands and poke the screen with both thumbs. Since this is how we use a phone, it makes sense to place the sensor in the home button close to where our thumb naturally rests; the thumb is often the only finger, and by far the most popular finger, which we use to interact with our phones. Our interaction with a laptop usually involves the use of far more fingers, especially since the inception of gestures in OS X. This means that you can build biometric authentication that combines prints from two or three fingers, any two or three, for authentication. Think of this in the vein of password length: a shorter password is weaker or easier to crack. Here, two-finger authentication would be similar to a lengthier, and thus more difficult to crack, password.

Authentication and Functionality

The most obvious and most power-efficient implementation of Touch ID would simply be a Password Keychain type path, where anything in Password Keychain will work with Touch ID whenever Password Keychain would leap into action. At that juncture, the biometrics sensor would quickly power up, scan, complete an authentication action, and then immediately power down. So for example, this would involve a user visiting a site or loading an application, the application powering up the biometrics sensor, the user receiving a request for authentication, and subsequently being granted access after touching the trackpad once more. This is a solid option, and makes a lot of sense. It’s easy to implement and would integrate with existing OS X functionality. A simple, great complement to Password Keychain.

However, the most seamless way to implement authentication would be to automatically check the super user's, administrator's or owner's prints periodically or upon the triggering of some instance. If you saw the demo of OS X Mavericks' new window switching power management feature you already get the idea. That is, upon switching applications OS X could possibly check the current user and allow access to some program or website requesting user authentication, provided that the access sought and the most recent user authentication system check are close enough in time for it to be safe to assume that a user is indeed an authorized user of the machine.

Why would Apple choose or include this second methodology as an option, since undoubtedly it would consume more power?

Simply, Apple would choose the latter option for its reciprocal benefits.

Currently passwords only work as “gatekeepers” to deny an unauthorized party access or free roam of your machine. Passwords work well enough, but they are passive. Passive gatekeepers only deny you access, but once you are in, you are in. “Bouncers” throw you out of places where you do not belong, or that do not desire your presence even after you have gained access. Bouncers are active. Touch ID on a MacBook Pro could operate not just as a gatekeeper, but as a bouncer.

This means that the periodic or instance-driven check discussed above will deny access to an unauthorized user who has somehow gained access. For example, if you were to leave your MacBook Pro open, or it were to be stolen, and a person cracks your password, they will still not be able to use your laptop for any substantial amount of time or get access to your information. Sure, there is the option of remote wipe, but this requires an Internet connection. With a periodic or instance-driven check, upon merely launching an application such as Mail, or opening a new tab in Safari, Touch ID could power on, check for an authorized user, and bounce an unauthorized user. This functionality is a powerful argument for the latter implementation of Touch ID on the MacBook Pro. It would be a huge relief for individuals who may have highly sensitive information on their laptops, both in eliminating the annoyance of entering a password and in knowing that their sensitive information is actively protected.
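The gatekeeper and bouncer policies described above can be modelled in a few lines. This is an added illustration, not code from Apple or from the original article: the Session class, the trigger names, the 60-second freshness window and the string standing in for a sensor match are all assumptions.

```python
from dataclasses import dataclass, field

# Events that prompt a check (assumed; the article names app launch, new tab, app switch).
TRIGGERS = {"app_launch", "new_tab", "app_switch"}

@dataclass
class Session:
    owner: str                  # enrolled user; a string stands in for a sensor match
    freshness_window: float     # seconds a successful scan stays valid (assumed knob)
    bouncer: bool               # False models the password-only "gatekeeper"
    unlocked: bool = False
    last_verified: float = float("-inf")
    log: list = field(default_factory=list)

    def login(self, now: float) -> None:
        """Gatekeeper step: a password was accepted, whoever typed it."""
        self.unlocked = True
        self.log.append((now, "login"))

    def on_event(self, now: float, event: str, finger: str) -> bool:
        """Return True if the event may proceed; lock the session on a mismatch."""
        if not self.unlocked:
            return False
        if not self.bouncer or event not in TRIGGERS:
            return True
        if now - self.last_verified <= self.freshness_window:
            return True         # last scan is recent enough; sensor stays off
        if finger == self.owner:
            self.last_verified = now
            self.log.append((now, "verified"))
            return True
        self.unlocked = False   # the "bounce"
        self.log.append((now, "bounced"))
        return False

def replay(session: Session, events: list) -> list:
    """Log in at t=0, then feed (time, event, finger) tuples through the policy."""
    session.login(0.0)
    return [session.on_event(t, e, who) for t, e, who in events]

# Constructed timelines (seconds since login).
STOLEN = [(5, "app_launch", "thief"), (10, "new_tab", "thief")]
HANDOFF = [(5, "app_launch", "owner"), (30, "new_tab", "thief"),
           (70, "app_launch", "thief"), (75, "new_tab", "thief")]

if __name__ == "__main__":
    print(replay(Session("owner", 60, bouncer=False), STOLEN))   # gatekeeper
    print(replay(Session("owner", 60, bouncer=True), STOLEN))    # bouncer
    print(replay(Session("owner", 60, bouncer=True), HANDOFF))   # window exposure
```

The HANDOFF timeline shows the cost of the freshness window: an unattended machine stays usable until the last scan goes stale, so a shorter window narrows that exposure at the price of more sensor wake-ups.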

Apple could include Touch ID power and security level settings in System Preferences. For example, in Touch ID power settings, one option could be the less secure power saving option where Touch ID uses the Password Keychain methodology described above. Another option can be the more secure, more power-hungry option. Similarly, for Touch ID’s security level options, Apple could include an option for ‘good’, ‘better’, ‘best’ digit authentication. For example, the ‘best’ option can be the longer multi-finger authentication (perhaps three fingers), which would be more secure if perhaps a bit slower, whereas the ‘good’ option can be the presumably faster, less secure any-single-finger authentication.

However it will be implemented, as usual I cannot wait to see what the good folks over at Apple cook up with regard to the inevitable inclusion of Touch ID in the MacBook Pro.


[i] It sounds like a gimmick, but it’s a real advance, the biggest step ever in biometric authentication for everyday devices. After using Touch ID, I found it annoying to go back to typing in passcodes on my older iPhone. Walt Mossberg – 

When I first heard the rumors of Apple integrating a fingerprint scanner into the iPhone 5s’ home button I was beyond skeptical. I for sure thought that Apple had run out of ideas. Even listening to the feature introduced live, I couldn’t bring myself to care. Having lived with the iPhone 5s for the past week however, I can say that Touch ID is not only extremely well executed, but a feature I miss when I’m not using the 5s. Anand Lal Shimpi –

It’s virtually instantaneous. I assumed I’d rather type in a passcode, because even if it’s slower at least I’m doing something, but Touch ID rarely takes more than a single beat before the gates open and iOS 7 falls into place. David Pierce –