As KGI reports the iPhone 8 will no longer have TouchID, Mark Gurman gives some insider info on Apple's development of 3D Facial Recognition:

For its redesigned iPhone, set to go on sale later this year, Apple is testing an improved security system that allows users to log in, authenticate payments, and launch secure apps by scanning their face, according to people familiar with the product. This is powered by a new 3-D sensor, added the people, who asked not to be identified discussing technology that’s still in development. The company is also testing eye scanning to augment the system, one of the people said.

The sensor’s speed and accuracy are focal points of the feature. It can scan a user’s face and unlock the iPhone within a few hundred milliseconds, the person said. It is designed to work even if the device is laying flat on a table, rather than just close up to the face. The feature is still being tested and may not appear with the new device. However, the intent is for it to replace the Touch ID fingerprint scanner, according to the person.

The intention sounds promising, but I have concerns about this. If true, Apple would be putting their entire security technology in one basket and security reputation on the line. There would be a lot riding on this, especially with their Apple Pay initiative.

So far, facial recognition has been proven insecure and easily fooled by printed selfies. While Samsung S8's Iris Scanner is in improvement in technology, the requirement of facing the phone at a very specific angle and distance weakens the user experience.

Hopefully Apple can pull it off.

Tim Bajarin:

Qualcomm is using ultrasonic waves to scan all of the ridges and wrinkles of your fingers. Why ultrasound? Qualcomm says it can do a far deeper analysis than the 2D image created by a fingerprint mashed up against a capacitive sensor. It can look beyond the grime and sweat on your fingers and even penetrate beneath the surface of your skin to identify unique 3D characteristics of your print. It’s the same biometric technology developed for government security applications, Qualcomm told me.

Qualcomm execs said the technology could also change the way fingerprint scanners are implemented on devices. Since ultrasonic waves go through glass, aluminum, steel and plastic housings of any phone, they don’t need a dedicated touch pad or button to work. In fact, depending on how it is implemented, you could conceivably touch any part of the smartphone with a finger to gain access to the phone itself. This could make it possible for smartphone makers around the world to be more creative in the way they implement two factor authentication in these devices and will go a long way towards making all smartphones more secure. In Qualcomm’s scanner, high-frequency acoustic waves penetrate the dermal layer of your skin to extract your unique print, down to the ridges on your skin and even your sweat pores. Since sound can travel through things like sweat and other elements, your daily maneuverings don’t get in the way of capturing that perfect print. In fact, condensation generated from your regular activities may actually improve the scan, making it a more reliable method than the current capacitive technology.

Assuming this works as reliably as it sounds, it looks like Qualcomm's fingerprint scanning solution is a leg up above Apple's Touch ID. Sweaty hands and dirty fingers happens a lot more often we'd like to admit, requiring you to make the extra effort to clean them before using Touch ID.

Also, because ultrasonic fingerprint scanners can be placed anywhere on the device, industrial designers will have a lot more freedom.

Patrick Salyer:

Consumers have been longing to get rid of passwords for years. Ad nauseam, we’ve heard the clamors for the end of passwords because of the deluge of usernames and passwords we have amassed and the inherent security issues and frustration they create. Imagine never needing to create another user name or password again for any site or app by using your Apple ID. That’s what Touch ID promises.

Ultimately, Touch ID and Apple Pay are proxies for Apple ID, which is becoming paramount to what is sure to be a strategy to overtake other identity providers.

Consumers will love using Apple ID for authentication on sites and apps because of the seamless experience – imagine being able to authenticate quickly not only at point-of-sale systems and mobile apps using your thumbprint but also on third-party sites just by having your phone in close proximity to your computer.

Businesses, or relying parties, will love it because they’ll get more registrations, identify more customers across devices, and have lower shopping cart abandonment. Apple, in turn, will establish more permanence with users, further entrenching them into the Apple ecosystem.

I've believed the exact same thing since TouchID was announced.

I've also been bullish on the Apple Watch being key to killing passwords.

Martin:

Apple built a generic, almost foolproof device-level identity security system around TouchID, Secure Enclave, and custom secure element hardware at the lowest level of iOS that can be opened up to pretty much anyone Apple wants to let in. This is unique, and I don't see anyone else who can replicate this. Apple is merely renting this security service out to the banks for the price of a percentage of the transaction. They don't need to build a proprietary payment network, or even be a link in the payment chain.

And this system can work equally as well for health providers securing user identity to exchange HIPAA covered health data for Healthkit (for a modest fee, naturally). They can rent it to employers to secure their employee identity - not just for getting into corporate applications but add HomeKit into the mix and a company can put an NFC lock on a door, issue tokens to the iPhones of the 10 employees allowed into that room, and that gives them the ability to unlock the door with their iPhone following a positive fingerprint check. The employer can remotely revoke those tokens as needed.

This is effectively a way to replace username and passwords for anything from your iPhone or Apple Watch, if Apple builds it out to its full potential. It relieves the burden of choosing good passwords, remembering them, securing them, and puts all of the control on the agency that needs to control the security, rather than on the one being secured.

The recent partnership with IBM might make more sense now.

Shout-out to the people who said TouchID is boring, not innovative, and no different than any other fingerprint scanner out there.

It might not seem like it now but the Touch ID fingerprint scanner has potential to be a real game-changer (assuming it works reliably, unlike Siri). We live in a world of multiple devices, countless apps & social networks...remembering all those logins and passwords is a huge pain in the ass.

I'm reminded of this every time my parents have to call me from the Philippines because A) they forgot their password or got locked out of their accounts for too many failed login attempts.

Identity & Authentication are two things that are due for innovation, and Apple just made the first step towards improving that for mainstream consumers. It might not be a feature that'll make your jaw drop or impress you, but it'll be something you won't be able to live without once you've had it.