The Touch ID fingerprint scanner is one of the most notable features of the iPhone 5s, but it’s not a perfect security solution. Just how does it compare to a standard password?
Gartner analysts Dionisio Zumerie and John Girard suggest in a paper on iOS security that the risks associated with the fingerprint scanner, which can be replicated for a specific phone by analysing smudges left on the phone, mean it falls in the middle of the password spectrum:
From a security standpoint, the protection afforded by Touch ID could be considered stronger than a four-digit passcode, but weaker than a six-character alphanumeric password — though much more user friendly.
The analysts conclude that Touch ID is a useful addition overall, since it’s much more user-friendly than a conventional passcode, but that it shouldn’t be the sole protection used for iPhones in corporate environments.
Comments
6 responses to “Just How Secure Is Apple’s TouchID?”
Another 3rd rate Apple feature.
How is it 3rd rate exactly? It’s the best implementation of a smartphone fingerprint scanner so far, even if that isn’t saying a whole lot…
“best implementation of a smartphone fingerprint scanner” that’s not exactly glowing praise!
I’m not an Apple user/fan, but you need to join the rest of us.. The phone wars are over.. Iphone.. Android.. Windows Phone.. Use whatever you like, and whatever suits your taste and needs with the least effort.
I think 90% of people have come to accept this now.
This touchid thing is only good for convenience, to stop your friends sending racist tweets from your phone pretending to be you, and to stop them going through your photo gallery, not to stop james bond or master criminals
Only problem is if the fingerprint profile could be extracted from the phone (nsa would love a copy of your biometrics!) and reused elsewhere where it’s used to protect something important, since you can’t revoke your fingerprints
This is why I will stick with open source,
But it’s even safer if your phone doesn’t have a biometric scanner that could be turned on/off through software, webcams anyone?
Steve Gibson did a 3 part episode on iOS security, including the touch ID.
https://www.grc.com/securitynow.htm
His thoughts are that the crypto is almost perfect except for iMessage. Touch ID has been implemented very well, has very good safe guards and measures in place to prevent unwanted access.