Biometric authentication is nothing new with mobile devices, or technology in general for that matter. The TPM platform on Windows PCs has been around for ages, and even some feature phones (mainly those produced by Fujitsu for Japan) had it well over a decade ago. With respect to Android however, the stepped-up security staple has been of a generally less-than-impressive affair. Both Motorola and HTC tried it several years ago and suffice to say, nothing caught on. After the mainstream consumer’s attention was suddenly “alerted” to the technology via Apple’s iPhone 5s however, Samsung was first to step up to the plate and let Android have another stab.
Unfortunately, the authentication seen in the Galaxy S5 was a much more traditional method of fingerprint reading, namely that the sensor required a swipe (similar to the Windows TPM and Fujitsu feature phone products) and had a less-than-perfect track record when it came to accuracy. Software updates made the problem a little better, though even the newer module seen on the Galaxy Alpha and Galaxy Note 4 released later in 2014 were hardly what one might say as a stress-free experience.
The release of the Galaxy S6 has brought with it not just a major redesign for the hardware and software, but also the fingerprint sensor as well. Samsung’s implementation of a touch-based input method this time around works fantastically. Granted it’s still not perfect (neither is Apple’s) but with a few tricks and tips at hand (more on that later), it’s possible to have it read your print correctly over 95% of the time, if not 99%.
The problem now, however, is an ironic one. The sensor in the Galaxy S6 works so well that you actually want to use it, and in doing so, it becomes that much more cumbersome to use any other form of security, namely passwords and patterns. Despite my tablet remaining at home 95% of the time, it still has pattern unlock set up, as have all my tablets in the past as well. So frustrating was it to be bothered with entering the pattern each time the screen turned off that after about a day, I disabled the security entirely. Even when I was testing out the Chinese Galaxy Note 4, I found the pattern unlock to be downright irritating. Sure the device has fingerprint security avalible, but it just works so badly that I simply couldn’t put up with it. The same also held true for the few days I spent with the LG G4 last week: the Knock Code is too time consuming.
Of course, if you haven’t spent time with the Galaxy S6’s fingerprint sensor then it’s quite plausible that pattern unlock won’t bother you at all. Heck, I never minded it. Even the iffy fingerprint sensor in the Note 4 might be OK for those with nothing else to compare it to. But for me, hands down, anything less than the hardware in the S6 simply comes off as inferior.
Vast implications (for me, at least)
It needs to be clarified that as a tech writer, my device habits are not in any way reflective of mainstream customers, or perhaps even enthusiasts. If someone has the Galaxy S6 for example, it’s quite logical that what I am about to say won’t be a valid point of reference. Likewise, if someone prefers another device (like the Xperia Z3+) then the point is also lost. Still, it must be made: After just a few weeks with the Galaxy S6, I have trouble considering any other phone as a valid replacement, literally because of the absence of a fingerprint sensor.
Consider just for a second, how many times you unlock your device in a day. Obviously those users who have a screen timeout setting of 2 minutes, or who don’t have any security lock period will be far less bothered. For those of you like me, however, in any given 10 minute period, your device usage might consist of this:
I’m listening to music and want to change albums. I want to see if a System Update is available. I want to check my Hotmail account (which is set to pull, not push). I want to make a quick memo. I want to upload a picture to Google Plus. I want to check my schedule for the next day. I want to activate Silent Mode.
These are just 7 perfectly valid examples of why I might unlock my phone. Now imagine unlocking the device each time with a pattern. Or even worse, imagine doing it with a 7-digit password or numerical sequence. How much wasted time is involved? How easy is it to just activate the power, place my fingertip over the Home Button for just a second, and its unlocked, and with basically no errors.
For those interested in improving the accuracy of their Samsung Galaxy S6 or S6 Edge fingerprint sensor’s accuracy, perhaps the best advice is to select one (or two) fingers that you will use exclusively to unlock the device, and setup all four of the available readings to the designated digits. I, for example, had originally registered four different fingers to the sensor, but it often missed reading them on occasion. After I set two different print reads for my left thumb alone (the first being all vertical, and the second being split between left and right horizontal orientation about 50:50), things improved to what I would argue is 99% accuracy. I repeated the process with my right thumb.
If you are comfortable with just registering one finger however, you could technically set up all four reads to ensure the most accurate reading possible. You could have one stored file for each 90-degree position your finger could possibly scan the button.
Security risks and shortcomings
Fingerprint Cards AB
While I have spent a great deal of time extolling the virtues of fingerprint sensors, it must be said that they are not an absolute form of security. Just as how a pattern unlock sequence can be “stolen” by looking at the oil residue on the phone, so too could a fingerprint be lifted from the device, or literally anything for that matter, even a photograph should the resolution be high enough. And, unlike the pattern unlock which has literally no value outside of Android, a fingerprint can be an absolutely damning piece of incriminating evidence or even proof of legal registration.
It also needs to be said that even the Galaxy S6’s fingerprint sensor can’t do the impossible. If you have even the slightest bit of water or dirt on your finger, there is a large chance the scan will result in an error. In one typical instance, I had just washed my hands, hastily dried them, and tried to unlock the phone a few seconds later. Access was not granted, and when I checked my finger, indeed it had a small droplet of water or two that had got on the sensor and caused the error. Likewise should the biometric reader get scratched or damaged in any way, the error rate will increase if not become absolute.
An eye for detail
One possible increase in safety, security, and sanity could be the iris-scanning technology that Fujitsu has placed into its “brick-sized” Japan-only Arrows NX. Having tested it out at a local docomo store, I was generally impressed by the accuracy of the reading, at least from the dozen-or-so times I tried it out. Unfortunately the actual scan itself takes a bit of time and is therefore much more cumbersome than simply holding down your finger… or drawing a pattern. This is something that can be improved with future software (or hardware) updates however, and thus I wouldn’t necessarily see it as a death toll for the tech.
On the other hand, it needs to be said that in addition to having pitifully bad eye-sight, I wear brown-colored contact lenses. This is in part because I like darker eyes, and in part from awkward experiences with Japanese people “mystified” by my true blue-green color. Why mention this vanity confession? Simple: the lenses have a “fake iris” on them. I literally scanned the contact lens, and that alone is great cause for concern. Assuming the manufacturer has a single design for the pattern on the lens, anyone who buys the same brand that I do could have “my” eyes. The security implications are quite grave to say the least. This isn’t some kind of high-tech Minority Report-type scheme here; it’s not even as complex as creating false fingerprints from a magnified image.
After doing a bit of research, there seem to be conflicting reports of the biometric authenticity with respect to colored lenses. Some reports suggest or claim the technology is now advanced enough to read “beyond” and see the intricacies of your true iris, however other reports indicate that there are limitations imposed by colored contacts. The question is just how accurate or advanced the sensor in Fujitsu’s latest smartphone is. As a personal experiment, within the next week, I will attempt to go back to a docomo store and see if I can get permission to try and experiment with the Fujitsu phone: to scan my eyes with the lenses, then see if I can unlock them without, and vice-versa.
Focus on the future
Regardless of whether-or-not people are excited about the security benefits of biometric authentication, there is one major reason they should care about it: expedience. Many smartphone users opt to go without setting a password or pattern to unlock their device simply because they don’t care, they don’t want the hassle, or they don’t realize the risk of theft and what that might entail. Including some form of advanced authentication that is integrated into a basic movement or gesture is the key. In the past, companies like HTC, Motorola, and even Samsung have managed to make a mess out of the fingerprint feature. With the Galaxy S6 however, Samsung has made a huge advance in the functionality factor, as the reader works so much better than that of last year’s flagships.
In my honest opinion, I feel that well-implemented biometric security elements should be a core feature of smartphones from today onward. What do you think however? Are you satisfied without it? Leave us your comments below and let us know.