The Importance of Dual Authentication in Wearable Devices

Last week, I wrote a column entitled “Understanding Apple’s Wearable Strategy” where I laid out the idea of using an iWatch or iBand for personal ID. I mentioned I had used a RFID band while at Disney World and I could see Apple making digital identity a key pillar of any wearable device they bring to market.

In the column, I mentioned how Disney used two kinds of authentication as part of their band ID program. The first part of the ID came through RFID and each band’s RFID radio would have to be touched to a scanner. When going into the Disney parks we had to scan at the RFID terminal in the entrance and also use a fingerprint reader for additional authentication to show the band in use was tied to an individual and was not being shared. Then, at restaurants and shops, we just scanned our RFID band at terminals but, instead of using fingerprint readers for the secondary authentication, we used a registered PIN number instead. The ID band worked flawlessly and provided a level of convenience that made them worthwhile.

In Europe and Canada, they use credit cards with embedded chips. When you use them at a terminal, you put in your PIN number as part of its dual authentication program. In the US, we still don’t have “Chip and PIN”. When I use my American Express card with a chip on it in Europe, I have to do what is called “chip and signature” instead of using a PIN as part of this dual authentication process. However, it’s much less secure than the chip and PIN ID program. This has cut down on credit card fraud dramatically in Europe and Canada and some day we will have Chip and PIN credit cards in the US to better ward off credit card fraud here too.

When I wrote this column I did not have enough time or space to add the elephant in the room — when it comes to digital IDs and especially using things like RFID, Bluetooth and even WIFI in these programs, these technologies bring up key issues of privacy and tracking. Indeed, Disney has had some pushback on their ID band program since some people are not happy about Disney being able to track them when in the park and knowing exactly what they are doing or buying. Any company adding digital ID technology to their wearables will have to deal with this same concern as a lot of folks would be leery of any tech company’s ability to know what we are doing and more importantly using that data inappropriately.

In the column about Apple’s wearables I stated I did not think Apple would introduce the ID aspect of their wearables at launch and instead focus on health and home applications at first. They would need time to build up trust with their wearable customers with the initial health and home apps first. They need to show they can be trusted with the data and any tracking would be anonymous and never given to anyone for any reason. This would be critical for Apple and anyone doing a wearable with any ID app-related program involved.

Interestingly, although Disney has had pushback, well over 95% of people on their properties use the bands because they are so convenient and compelling. Disney is a trusted brand and only uses the data to help with crowd control and making it easier to navigate and use park rides, restaurants, etc. seamlessly. Apple appears to have a similar level of trust with their customers since they have close to 900 million user credit cards and go out of their way to keep them secure and not track people as part of their trusted programs. I suspect Apple could pull off any ID program in a wearable much better than Google could — our research shows Google is much less trustworthy than Apple at this time and Google would have to do a lot of work to get their customers up to the level of trust Apple has with their customers.

The bottom line is I believe the role ID would play in wearables would be a killer app. Having dual authentication will be critical to its success as well as the company behind the wearable device would have to deliver a level of trust to their customers beyond what they expect today. However, as I learned from my Disneyworld experience, its convenience factor trumped any of my privacy concerns. It was easy to trust Disney with that information. I suspect Apple could get a similar response from millions of their customers if this was part of their wearable devices and, if so, it could become a monster product for them.

Published by

Tim Bajarin

Tim Bajarin is the President of Creative Strategies, Inc. He is recognized as one of the leading industry consultants, analysts and futurists covering the field of personal computers and consumer technology. Mr. Bajarin has been with Creative Strategies since 1981 and has served as a consultant to most of the leading hardware and software vendors in the industry including IBM, Apple, Xerox, Compaq, Dell, AT&T, Microsoft, Polaroid, Lotus, Epson, Toshiba and numerous others.

9 thoughts on “The Importance of Dual Authentication in Wearable Devices”

  1. while I may agree with your analysis of the band id as a convenience in Disney parks

    However, I am not convinced that many people will be willing to pay their hard earn money for a Band just for Dual Authentication, or a lot of business or industry to upgrade their payment or authentication terminals to it while leaving the control of their customer base to Apple and their IBand technology when their can provide the same technology themselves.

    1. You are right they they would not buy it just for this purpose. But if it is one part of the applications they provide on the bands and make it an option they still could sell a lot of bands and eventually earn the trust of the customer and at sometime entice them to use this feature too.

      1. This functionality in a watch something that much people are already familiar with since century will be an easy sell in my opinion than a Band which is a new categories of product.

        1. In my humble opinion, the smart watch will have as little to do with watches as the smart phone has to do with phones. The phone is a mere app on a smartphone. The watch will be the least important feature on a smart watch.

          1. i disagree
            in a passive mode a smart watch should, feel, look, and act like any modern looking regular timepiece. an accessory that displays, time, weather. ect other capability as notifications, fitness, identity associated with it must be on demand, if not nobody will buy it since it will be too confusing.
            those are the reason why i agree with your criticism of the LG and Samsung smart watch as Joke, but not so much for the Moto 360 at least for now.

  2. Great follow up article, Tim.

    “I suspect Apple could pull off any ID program in a wearable much better than Google could….”- Tim Bajarin

    I heartily agree. Apple’s business model gives them an incentive to protect their client’s privacy. On the other hand, privacy is a huge burden on Google’s business model. Here, Apple hold a decisive advantage.

    “I believe the role ID would play in wearables would be a killer app…” – Tim Bajarin

    Could not agree more. As you stated in your response to Kenny, above, ID would not be the only feature in any smart wearable device but it could, and I predict it would, be the feature that ultimately drove the first sustainable wave of sales.

    1. the biggest challenge for Apple will be to convince many industries to upgrade their payment infrastructure to replace their own credit card with the IBand, something that I do not see happening in the near future, giving the importance of payment and any data related to it for any business

      it would be very stupid of them to agree too such a thing.

      1. I suspect Apple’s solution will be modular and simply plug into existing infrastructure. You seem stuck on this notion that entire industries will have to implement massive change in order for Apple’s wearable to work.

Leave a Reply

Your email address will not be published. Required fields are marked *