Touch ID, Apple Watch, and the future of projected authentication

Back in September, before the original Apple Watch introduction, one of the potential features I was most interested in was the ability to project authentication. We got at least one aspect of it with the watch's implementation of Apple Pay. Hopefully that's only the beginning.

Trusted Bluetooth devices have been a thing for a while. They're "something you have." They can be used instead of "something you know" (password) or "something you are" (fingerprint) for authentication, or they can be used in conjunction with one or both of the others for multi-factor authentication.

To date, however, trusted Bluetooth devices have been too dumb to interest me. What I mean by dumb is that most current devices have no knowledge of their owner. If I take your dongle or smartwatch, I am you, and have access to everything you have access to. That's a deal-breaker. I'd never be willing to use them and, to be frank, I never thought Apple would be crass enough to offer it that way.

Neither the iPhone nor the Apple Watch are dumb, though. They're smart.

It's part of the contextual awakening:The iPhone has Touch ID, which means that it can require my fingerprint before authenticating anything from unlocking the phone to buying from iTunes to paying with Apple Pay. The Apple Watch has the ability to take Apple Pay authentication from the iPhone and maintain it for as long as skin contact is maintained.

That means both the iPhone and the Apple Watch don't just know that we have them, but who has them — no fingerprint, no skin contact, no authentication. And that makes them very, very interesting.

Soon, HomeKit will let us unlock our homes with our iPhones. Apple's CEO, Tim Cook, has already said you might one day be able to unlock your car with your Apple Watch.

Why not your Mac? iPhone-based proximity unlocks have been explored by third-party apps for a while, but Apple could implement a Touch ID-based system that could allow for fingerprint authentication prior to an unlock built in at the system level. If an Apple Watch has been authenticated and has remained in skin contact, it could allow for an even more effortless unlock if and when you're in extreme proximity.

With an API, why not apps? I use 1Password for password management. Up until last year it was easier to use on my Mac than my iPhone, since typing master passwords was a pain and cutting and pasting them was arduous. Now, with iOS 8, the action extension, and the Touch ID API, it's nearly effortless. It's so good, it makes the Mac feel tedious.

With trust projection, however, Touch ID on the iPhone — or better yet, skin-contact with the watch — could make 1Password just as effortless. When I'm within a few feet, it's open. When I'm not, it's not.

Bank apps, communication apps, secure photo or document apps, the list goes on and on.

For those who want even more security, Apple or apps could require Touch ID or Apple Watch proximity and a password. Combine Touch ID and an Apple Watch and a password, and you have three-factor nirvana.

Security and convenience have been at war for much of the information age. Apple has done a lot, however, to make security more convenient. Based on where they're going, it seems like just the beginning.

Rene Ritchie

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

  • I agree Rene, and while I don't plan on buying an Apple watch for a generation or 3, a convenient security implementation would be very tempting. With their tight security and ownership of the whole widget, Apple should be able to do this like no one else can.
  • Again great article Rene. Probably I'm gonna wait for the second gen watch, so let's hope they implement it by then. That would be a super feature.
  • I think Apple is seeing a future where, in States like Iowa that will be allowing your Drivers License to be stored on your iPhone, that we may be able to live without any wallet or car keys.
  • Correct me if I am wrong, but Touch ID + Watch + Password is not 3 factor, because the authentication of the Watch uses Touch ID, and the seed (fingerprint) for that authentication does not change from the moment the watch is donned to the moment this hypothetical app authentication is checked. So Touch ID + Watch is not going to provide any more security than either one alone -- unless you are specifically worried about the case where you put your watch on somebody else, authenticate it on their arm with Touch ID, and then leave that person alone with your computer.
  • Just to confirm, does this mean the Apple Watch can't conduct Apple Pay transactions in the absence of the user's iPhone?
  • I have one big worry about Apple Watch functionality in regards authentication that you highlight in this article. When you note that "as long as skin contact is maintained", the Watch keeps it's authentication, the first thing I think of is that the watch will not only have to fit perfectly, it must also be worn a "certain way" (tight!). I have very thin wrists, as do many of my Asian friends. I have already determined therefore that the only Apple Watch size I can wear is the 38mm one, and that if I want to use the Steel Expansion Bracelet (and I do), I will have to take the 9 segment one they sell for the small watch and reduce it to 7 or even 6 segments just to fit. In other words, I'm very worried about maintaining that "skin contact" with this Watch. Given that a lot of folks have small wrists and that the current fashion for things like Rolexes is actually to get one that's too big and that sits *loosely* on the wrist, is there going to be a "weargate" problem? Are people who are used to wearing their watch loosely, and people like me who always end up with their watches swinging around to the back because my wrists are too small, going to have a problem with Apple Watch?
  • Heartily agree. At some point in time, Apple will add a sensor or a capability that can tell that your wrist is your wrist, not just skin contact. Whether by wrist skin prints, blood vessel layout or some other skin characteristic, it'll be able know that it is your wrist.
  • "Tim Cook, has already said you might one day be able to unlock your car with your Apple Watch...Why not your Mac?" I think (hope) they will have this Mac (iPad & iPhone also?) unlock feature ready sooner than later. Car unlock will need collaboration with car makers, but house locks should be available soon. Locksmiths might lose some business.