Dear Lifehacker, I've been considering an iPhone 5s, and I'm intrigued by the fingerprint scanner. However, I've heard that it's already been hacked. Should I worry about this? Is a fingerprint scanner better or worse security than a regular PIN? Sincerely, Little Finger Security
There's been a lot written about the iPhone's new fingerprint scanner recently. The good news: just because the iPhone's Touch ID was hacked doesn't mean it's completely useless. Does that really mean you're safe though?
So, What's the Deal With This Hack?
The Chaos Computer Club managed to prove that it's possible to lift a clean fingerprint and reproduce it such that it can be used to unlock an iPhone. The process involves taking a photograph with a 2400 dpi camera, then reprinting it at 1200 dpi. They then created a latex mask of the fingerprint to be able to unlock the phone.
In other words, while technically it worked, it's no small task. In general, it's not super easy to just take someone's fingerprint off a surface and bypass security, no matter what Nicolas Cage may have led you to believe. If you're carrying around some Level 7 secret information that absolutely cannot fall into the wrong hands, Touch ID might not be your best defence.
On the other hand, an iPhone probably isn't your best defence either.
Is Fingerprint Security Better Than a Passcode?
When you're dealing with security, you're never going to create something that's invincible. So, set aside for a moment that the fingerprint scanner can be cracked. The real question is whether it's easier to crack than a passcode.
We've talked about this a bit before: passcodes, even when they aren't plagued by exploits, won't protect your sensitive data from someone who really wants it. For that you need to encrypt your data.
With that out of the way, will a passcode protect you better from your run-of-the-mill thief or snoopy friend? Well, passcode exploits are surprisingly, uncomfortably common. Fortunately, these tend to get patched by Apple, but your phone is vulnerable while they persist. It's also possible to pull your PIN off your screen if you left smudges on your phone. Oh, and all of that is assuming you're not using an easy-to-guess passcode and are exercising common sense security practices.
From that perspective, a fingerprint scanner may be a better security method simply because your snoopy friend or thief can't look over your shoulder and learn your fingerprint. On the other hand, you leave it all over the place. The bottom line for both methods is that if someone wants to get into your phone badly enough, there are ways. There's always a way.
So, What Should I Do to Secure My Phone?
For starters, use the security that you'll actually use. Some reports have shown that a good number of people won't even bother using a passcode. Whether or not fingerprint scanners are foolproof, they're better than no security at all. If you won't even bother using a PIN, then definitely set up Touch ID.
Moreover, remember that security is about more than just locking your phone. Apple has some handy security features that allow you to locate, lock down and remotely wipe your phone. Find My iPhone is part of your iCloud account. Do yourself a favour and set it up before something bad happens. You can probably do that quicker than someone can recreate your fingerprint, after all.
In addition, lock down your data itself. Just because someone gets into your phone doesn't mean they have to be greeted with an open door to all your information. Lock down everything on your phone (and hey, do the same to your iPad or iPod Touch while you're at it).
To answer the question in fewer words: yes, the fingerprint scanner is an acceptable form of security on a lock screen. However, anything that's meant to be unlocked in a matter of seconds dozens of times a day is going to be walking the line between security and convenience. If you want to secure your iPhone, don't rely solely on your lock screen. Only a comprehensive security strategy will keep you covered. That and a healthy distrust of any of your friends who own 2400 dpi cameras and latex milk.