Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

kmac007

macrumors regular
Original poster
Mar 21, 2016
103
16
1. How secure is touch ID?

2. Do you use it or use a text or swipe password? Why do you use what you use?

Thanks for answering! :)
 
There are various fingerprint spoofing techniques out there that don't require any fancy technology. Just the practical know how and a good image of your print to work from. Google 'touch id hack' for some examples. It's still pretty secure, but if you're paranoid, the only real choice is a proper alphanumeric passcode.
 
  • Like
Reactions: kmac007
1. How secure is touch ID?

2. Do you use it or use a text or swipe password? Why do you use what you use?

Thanks for answering! :)

Touch ID has nothing to do with security. I find it fascinating how little this is understood. Touch ID is about speed and convenience.

In theory, a fingerprint authentication is tops, because only the true user can gain access. But Touch ID is backed up by a passcode. Every single iPhone that uses Touch ID also requires a passcode be set as secondary means of entry. So, Touch ID is only ever as secure as your passcode. No more, no less.
 
Touch ID has nothing to do with security. I find it fascinating how little this is understood. Touch ID is about speed and convenience.

In theory, a fingerprint authentication is tops, because only the true user can gain access. But Touch ID is backed up by a passcode. Every single iPhone that uses Touch ID also requires a passcode be set as secondary means of entry. So, Touch ID is only ever as secure as your passcode. No more, no less.

Very true, but it allows for a complex password to be used. I would die if I had to enter my password every single time since, b.c of touchID, it is now 18 characters.

I guess it has made my iPhone and many others more secure by increasing our password length. It is also very nice for using apple pay. No need to enter my CC info when I purchase things online from a new retailer.
 
Very true, but it allows for a complex password to be used. I would die if I had to enter my password every single time since, b.c of touchID, it is now 18 characters.

I guess it has made my iPhone and many others more secure by increasing our password length. It is also very nice for using apple pay. No need to enter my CC info when I purchase things online from a new retailer.

Yes it encourages greater security by encouraging the use of a more complex passcode. Unfortunately most people likely have not opted for this, since the passcode still needs to be entered with a degree of frequency.
 
  • Like
Reactions: mattopotamus
Pretty secure for general use. The only thing I would be worried about is a snooping partner (gf/bf/wife/husband) who uses your thumb while you are asleep.
If you have that problem you have more to worry about than the phone. Just turn phone off. Like off off. It requires the passcode if your significant other snoops. Also suggest using a complex pass code. Wish you luck with your partner.
 
Pretty secure for general use. The only thing I would be worried about is a snooping partner (gf/bf/wife/husband) who uses your thumb while you are asleep.

This isn't a problem if you A) Refrain from sharing your bed with someone you have to keep secrets from and B) Refrain from keeping secrets from the person who you should trust completely.
 
  • Like
Reactions: TimSHB
Touch ID has nothing to do with security. I find it fascinating how little this is understood. Touch ID is about speed and convenience.

In theory, a fingerprint authentication is tops, because only the true user can gain access. But Touch ID is backed up by a passcode. Every single iPhone that uses Touch ID also requires a passcode be set as secondary means of entry. So, Touch ID is only ever as secure as your passcode. No more, no less.
Well, if someone has access to your fingers (like when you are sleeping or drunk or something like that) it can be seen that TouchID would be less secure in that sense compared to a passcode that someone wouldn't really even need to figure out.
 
In theory, a fingerprint authentication is tops, because only the true user can gain access. But Touch ID is backed up by a passcode. Every single iPhone that uses Touch ID also requires a passcode be set as secondary means of entry. So, Touch ID is only ever as secure as your passcode. No more, no less.
The Touch ID reader can be spoofed by fake fingerprints replicated from lifted prints or even from high quality photographs. It can easily be the weakest link in the chain. Touch ID offers very convenient "good enough" security. Nothing particularly unbeatable.
 
  • Like
Reactions: kdarling
If you're concerned your partner would do that they shouldn't be your partner.

If you have that problem you have more to worry about than the phone. Just turn phone off. Like off off. It requires the passcode if your significant other snoops. Also suggest using a complex pass code. Wish you luck with your partner.

This isn't a problem if you A) Refrain from sharing your bed with someone you have to keep secrets from and B) Refrain from keeping secrets from the person who you should trust completely.

I guess I'm the only one who took his post as humor.
 
The Touch ID would be more secure if your screen is within eyeshot of anyone or anything like a camera. If you're standing in, say, a Target store and enter your passcode then it's reasonably possible that a camera has recorded you. So now we're talking about a lot of places that we know of and probably a lot that we don't.
 
There are various fingerprint spoofing techniques out there that don't require any fancy technology. Just the practical know how and a good image of your print to work from. Google 'touch id hack' for some examples. It's still pretty secure, but if you're paranoid, the only real choice is a proper alphanumeric passcode.

The Touch ID reader can be spoofed by fake fingerprints replicated from lifted prints or even from high quality photographs. It can easily be the weakest link in the chain. Touch ID offers very convenient "good enough" security. Nothing particularly unbeatable.

Those have been proven fairly true in extenuating circumstances, but for non-Apple devices. The reality of spoofing prints for Apple devices is EXTREMELY slim-to-none.
 
  • Like
Reactions: chabig
Is second generation Touch ID more secure than the first, or is the speed the only difference?
 
Touch ID has nothing to do with security. I find it fascinating how little this is understood. Touch ID is about speed and convenience.

In theory, a fingerprint authentication is tops, because only the true user can gain access. But Touch ID is backed up by a passcode. Every single iPhone that uses Touch ID also requires a passcode be set as secondary means of entry. So, Touch ID is only ever as secure as your passcode. No more, no less.

True, but when Touch ID was introduced many people weren't using passcodes at all. So Touch ID has driven that crowd into using passcodes while still allowing them an easy way to gain access to their devices.

Touch ID is only as secure as the passcode in that if Touch ID is mis-authenticated several times, the passcode is then required (which is what you are saying).

I personally went from a 4 digit passcode (pre-Touch ID) to a alpha-numeric complex passcode (post-Touch ID). I feel this has increased my security a certain degree. I never would have done this without Touch ID.
 
  • Like
Reactions: ABC5S
Those have been proven fairly true in extenuating circumstances, but for non-Apple devices. The reality of spoofing prints for Apple devices is EXTREMELY slim-to-none.

Mythbusters did it on an iPhone.
Graphite impregnated silicone thumb with a scanned fingerprint.
 
  • Like
Reactions: ABC5S
You don't find graphite impregnated silicone thumb with a scanned fingerprint in a TV show with a huge budget and dozens of years of experience an extenuating circumstance?


What does the show's budget matter when the actual materials used cost less than $100?
Maybe I misinterpreted what you said. I thought you were saying that other devices could maybe be spoofed but the chances of spoofing an Apple device were slim to none.
 
The least secure part of things like fingerprint and retina scanners is that you cannot change your fingerprint or eye. So if you are ever compromised, you are comprimsed forever. On the other hand, if a password is compromised, you can easily change it. This is what I learned in my computer security class at university. But anyway, for the security on a cell phone, Touch ID is very convenient and secure enough to keep the people around you out of your phone.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.