Touch ID, Apple Watch, and the future of projected authentication

Back in September, before the original Apple Watch introduction, one of the potential features I was most interested in was the ability to project authentication. We got at least one aspect of it with the watch's implementation of Apple Pay. Hopefully that's only the beginning.

Trusted Bluetooth devices have been a thing for a while. They're "something you have." They can be used instead of "something you know" (password) or "something you are" (fingerprint) for authentication, or they can be used in conjunction with one or both of the others for multi-factor authentication.

To date, however, trusted Bluetooth devices have been too dumb to interest me. What I mean by dumb is that most current devices have no knowledge of their owner. If I take your dongle or smartwatch, I am you, and have access to everything you have access to. That's a deal-breaker. I'd never be willing to use them and, to be frank, I never thought Apple would be crass enough to offer it that way.

Neither the iPhone nor the Apple Watch are dumb, though. They're smart.

It's part of the contextual awakening:The iPhone has Touch ID, which means that it can require my fingerprint before authenticating anything from unlocking the phone to buying from iTunes to paying with Apple Pay. The Apple Watch has the ability to take Apple Pay authentication from the iPhone and maintain it for as long as skin contact is maintained.

That means both the iPhone and the Apple Watch don't just know that we have them, but who has them — no fingerprint, no skin contact, no authentication. And that makes them very, very interesting.

Soon, HomeKit will let us unlock our homes with our iPhones. Apple's CEO, Tim Cook, has already said you might one day be able to unlock your car with your Apple Watch.

Why not your Mac? iPhone-based proximity unlocks have been explored by third-party apps for a while, but Apple could implement a Touch ID-based system that could allow for fingerprint authentication prior to an unlock built in at the system level. If an Apple Watch has been authenticated and has remained in skin contact, it could allow for an even more effortless unlock if and when you're in extreme proximity.

With an API, why not apps? I use 1Password for password management. Up until last year it was easier to use on my Mac than my iPhone, since typing master passwords was a pain and cutting and pasting them was arduous. Now, with iOS 8, the action extension, and the Touch ID API, it's nearly effortless. It's so good, it makes the Mac feel tedious.

With trust projection, however, Touch ID on the iPhone — or better yet, skin-contact with the watch — could make 1Password just as effortless. When I'm within a few feet, it's open. When I'm not, it's not.

Bank apps, communication apps, secure photo or document apps, the list goes on and on.

For those who want even more security, Apple or apps could require Touch ID or Apple Watch proximity and a password. Combine Touch ID and an Apple Watch and a password, and you have three-factor nirvana.

Security and convenience have been at war for much of the information age. Apple has done a lot, however, to make security more convenient. Based on where they're going, it seems like just the beginning.

Rene Ritchie
Contributor

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.