
Everything about this article is well-intentioned — and wrong.

"much as your email address or username identifies you, perhaps from a list."

Your email address or username may identify you, but it also may not. Your fingerprint absolutely identifies you and only you.

"For authentication, you need a password or passphrase. Something that can be independently chosen"

A password is a secret phrase. We're used to thinking about passwords in terms of strings, but anything secret that I know about would serve the definition. In fact, like a character-based string password, I can even make a copy of my fingerprint password and store it somewhere if I wanted a backup.

A fingerprint is both a username and a password. Trying to hold some analogy between Touch ID and traditional username/password combinations doesn't hold and it completely misses the point of the innovation.

That's why it's convenient, and skepticism of civil liberties aside, convenience means better security because people will use it.



> Your fingerprint absolutely identifies you and only you.

The whole point of the article is that this isn't true. Fingerprints are trivial to obtain and copy with sufficient fidelity to beat modern fingerprint readers.

- http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid

- http://www.heise.de/video/artikel/iPhone-5s-Touch-ID-hack-in...

- http://www.discovery.com/tv-shows/mythbusters/mythbusters-da...

- http://www.instructables.com/id/How-To-Fool-a-Fingerprint-Se...


A fingerprint is not a password because it can't be changed. If a database containing your password is leaked, you can just choose another one. What happens if a database containing your fingerprint is leaked?

And fingerprints will leak, as we are using them more and more.


Fingerprints aren't secrets. You leave a copy on everything you touch.



