What I, and many of my colleagues are waiting for (with baited breath), is TouchID enabled two-factor authentication. By combining two low to medium security tokens, such as a fingerprint and a 4 digit pin, you create something much stronger. Each of these tokens has its flaws and each has its strengths. Two-factor authentication allows you to benefit from those strengths while mitigating some of the weaknesses.
Imagine a banking application where on startup you use a fingerprint for convenience – it’s nice and quick and only needs to ensure the right person has started it. However as soon as you want to do something sensitive like check a balance or transfer some funds we kick it up a notch by asking for a two factor authentication – the fingerprint and a 4 digit pin. This combination is strong enough to protect the user against most scenarios from physical theft through to phishing attacks.
As I wrote about in a recent piece, people are quite confused about the security offered by Apple’s TouchID. This article does a good job of elaborating on that topic, and I hope it is read by many.