This is the second in a three-part series reviewing Samsung's important new Note 7 smartphone. The first part concerned the device's design.
In its new Galaxy Note 7 smartphone, Samsung has added a whole new way to unlock the device for use. Instead of entering a passcode or fingerprint, you now have the option of pointing your eyes at a small sensor at the top of the phone.
Iris scanning as a biometric authentication method has been around for a long time, but the Note 7 is the first Samsung phone to add the option. In fact, the Note 7 is the highest-profile mass market smartphone to add iris scanning.
Here's how the technology works. A small sensor at the top front of the phone identifies the finely detailed and totally unique characteristics in your iris. The iris is the colored area around the black pupil at the center of the eye. Once the software inside the phone makes a positive match between the image seen by the sensor and the image it took of your iris during the set-up process, the phone unlocks.
During the set-up process, you’re asked to set up the iris scanner just after you’re asked to set up the fingerprint reader. You see the red light of the sensor light up several times as it creates a profile of the look of your iris, converting the visual information into a numeric representation.
I found that the iris scanner worked well after a little bit of practice. You have to hold the phone out in front of your face (looking down at it on the table won’t work) at about five inches away for the best (quickest) results. It also helps to remove your reading glasses.
When you want to use your iris to unlock the phone, you signal that to the phone by swiping upward on the screen. So, actually the authentication involves three steps—clicking the phone’s on button, swiping up on the screen, then holding the phone in front of your face to wait for the scan. To open the phone with the fingerprint reader, you only have to click the home button, then leave your thumb or finger there for a second for the sensor to recognize your print.
After using the iris scanner a few times, I found that the scan is very, very fast. You barely hold the phone up and it’s already unlocked for you.
The iris scanner on the Note 7 can be used to authenticate you for a few of the phone's other features as well. According to the Settings, you can use a positive iris scan to log into certain websites. An iris scan can also be used in lieu of your Samsung account password.
The iris scanner can be used as a way to log into work-related assets kept inside Samsung’s Knox security framework. Similarly, the scanner can be used as the lock and key for a Secure Folder on the phone, in which you can keep apps and documents that are meant for your eyes only.
You set up your secure folder in the settings, and indicate that you’d like the iris scanner to be your main means of keying into it. Then, after you unlock your phone, you’ll see the new folder front and center on the home screen. Once you tap on it, the iris scanner automatically comes on and looks for a positive read.
The iris scanner does not work to authenticate Samsung Pay mobile payments, but Samsung has said that’s coming soon.
Many consumers first became aware of the importance of mobile device privacy and encryptions when Apple refused to unlock the iPhone of a domestic terrorist for the FBI last winter. This lead to some important discussions on the relative security of various phone unlocking mechanisms, but at that time we were mainly talking about alphanumeric passcodes versus fingerprint readers. The iris scanner brings a whole new player into the game where consumer electronics are concerned.
Security-wise, how well does the iris scanner stack up? "Generally speaking, iris can be more secure than fingerprint because there are more points to check than fingerprint," says Moor Insights & Strategy analyst Patrick Moorhead. "But researchers will need to test this specific Samsung Note 7 implementation to validate this."
But, in a way, the fact that your iris never changes could be a mark against the relative security of the iris scan. No authentication method, security experts will tell you, is totally secure, and if some bad actor ever got a hold of your iris scan, it would be compromised forever. You can’t change your iris print in the way you can change a password.