Fingerprint security convenient, but not flawless

Published on NewsOK Modified: February 26, 2014 at 7:46 am •  Published: February 26, 2014
Advertisement
;

BARCELONA, Spain (AP) — Samsung's upcoming Galaxy S5 smartphone will be at least the third to have a fingerprint sensor for security but it's alone in letting you use that for general shopping, thanks to a partnership with PayPal.

The sensor brings convenience for entering passcodes and could encourage more people to lock their phones. But fingerprint security isn't foolproof.

Here's what to know as you consider whether to place your trust in it:

____

How does it work?

The S5 has a sensor on the home button, just like Apple's iPhone 5s. On the S5, you train the phone to recognize your finger by swiping on it seven times. You also enter a passcode as a backup, so you're not locked out if the device doesn't recognize your print. On the iPhone, that can happen if your hand is greasy or wet, for instance.

The phone then converts the fingerprint information into a mathematical representation, known as a hash, and stores that in a secured location on the device. Samsung says that information stays on the device and is never shared.

When you want to unlock your phone, you simply swipe on the home button. A hash is again created and must match the one the phone already has. Otherwise, the phone stays locked.

You can do this with up to three fingers on the S5, compared with five on the iPhone. On the S5, you must swipe down. On the iPhone, you simply hold your finger on the home button, and you can do that sideways or upside down as well.

The HTC One Max also has a fingerprint sensor, though tests by The Associated Press have shown it to be inconsistent in recognizing prints.

___

What can you do with the fingerprint?

All three devices let you skip the passcode and unlock the phone.

You can also train the HTC phone to open a particular app automatically depending on the finger used. Apple lets you use the finger to authenticate purchases through its iTunes store, but it's keeping the system off-limits to outside parties. Samsung lets you make PayPal payments.

If you're at a retail store that accepts mobile payments through PayPal's app, for instance, you can use the fingerprint instead of your usual password. That's also the case with online transactions using PayPal on the phone. The hash doesn't get sent to PayPal. Rather, the phone verifies for PayPal that the fingerprint has been verified.

Anuj Nayar, senior director for global initiatives with eBay Inc.'s PayPal business, says there's usually a trade-off between security and convenience. Beef up security, and it's tough to use. Make it convenient, and open up windows for breaches. With fingerprint IDs, he says, you can have both.

Continue reading this story on the...