5s TouchID - How do you use it? (Tips for slightly more secure use)

Discussion in 'iPhone' started by 840quadra, Oct 9, 2013.

  1. 840quadra, Oct 9, 2013
    Last edited: Oct 9, 2013

    840quadra Moderator


    Staff Member

    Feb 1, 2005
    Twin Cities Minnesota
    Below is an over-thought, overanalyzed look at TouchID and trying to incorporate it into a slightly more secure method than maybe even Apple recommends.

    The Backstory

    I have been using my 5S for a couple weeks now, and finally took the plunge and activated TouchID. I really don't know why or what, but something was holding me back from enabling it. Was it the reports of it being compromised, or some worry that my valuable fingerprint would be uploaded to the cloud? :confused:

    Well I still don't know, but that quiet voice inside me finally stopped saying no, finally allowing me to look closely at how I could use this feature.

    I have always used complex passcodes, and had the data erase option enabled on my iPhones. Just like the greasey swipes on Android phones, I found the greasy dots left on most iPhones as an easy way to help guess most of my friends simple passcodes. Perhaps hearing stories about fingerprints being lifted and used from iPhones, reminded me of the old oily fingerprints that helped me figure out simple pass-codes, in turn, stopping me from adopting TouchID.

    My use of TouchID

    Not wanting to let a nice little feature on my iPhone go to waste, I decided to take a closer look at how I could incorporate TouchID into my daily workflow, while also keeping it slightly more secure than the average user.

    Taking to heart some great security tips I have learned over the years, I attempted to apply those to my iOS use of TouchID.

    • More convienant usually means less secure
    • Think of each key as an additional hole in security
    • Avoid common passwords
    • Avoid leaving keys in the open, or easy to access

    So you may be saying, how can I apply those tips to a fingerprint scanner? Well I actually spent some time analyzing how I use my phone personally. Completely divulging how much of a Nerd I am, I even went as far as recording myself doing some simple daily actions with my phone, to see how I hold and use my devices.

    After my (quite boring) time viewing what were essentially long selfies, I came up with some slightly more secure ways to use TouchID in my daily workflow.

    My TouchID Tips

    1- Use only a single Fingerprint.
    This goes into the first rule of security I have learned over the years. Since you always have a passcode as a backup, the less fingerprints you have registered, the less likely someone will be able to successfully lift the exact print you are using to unlock your phone.

    2- Make your single fingerprint, a finger that you are least likely to use on your touchscreen, or for holding your device.
    This tip helps resolve both Convenience, as well as avoiding common passwords. Your habits or friends may be different, however most of my 5s owning friends use either their thumb, or index finger to unlock their phones. And while each person's fingerprint will be different, I still like to consider the index finger, and thumb common "TouchID" Passwords for average users.

    3- Use only a portion of your fingerprint
    In addition to #2, make the portion of your chosen finger, one that has little chance of being used on your device for touch control, or holding your phone. A good example of this, is the extreme side of your chosen finger.

    4- Purchase a case which is not prone to collecting fingerprints
    While I like to run my phone Naked™ as a rule, one who is extra cautious could go the extra step of purchasing a case that won't easily collect and display fingerprints. A great option from Apple, would be their new leather cases for the 5s (at least the brown leather copy I own (yes I caved and got one :p ). For those that are paying attention, this helps reduce the amount of keys (or fingerprints) I am leaving in the open for people to reverse into a way of accessing my phone.

    5- Adopt the touch and slide method
    Clearly, whatever portion of your finger you decide to use for TouchID ,will leave a clear fingerprint on the sensor. Getting in the habit of sliding your finger off the sensor (and device) after the phone unlocks, helps prevent a clear fingerprint from staying behind.

    6- Use Complex Passwords
    With the addition of TouchID, the need for typing a passcode into your iPhone is greatly reduced. Why make it easy for people to get in with a simple 4 Digit pin, if they don't have access to your fingerprint ;) .

    Despite working in IT, I don't consider myself a security expert, and am open to adding further suggestions from those that are :) .
  2. SandboxGeneral Moderator emeritus


    Sep 8, 2010
    Good stuff. Thanks for the review and insight!
  3. itjw macrumors 65816

    Dec 20, 2011
    Tips for using TouchID:


    Now that you have the nuances mastered, enjoy your phone knowing that your password is still the weakpoint, and that if someone is stealing your fingerprint, reverse engineering it, latex modeling it, warming it up, moistening it, and then stealing your phone to use it, you have FAR bigger problems to worry about. Namely the Panamanean dungeon you are in (because of whatever you did to draw so much interest in hacking your phone....)
  4. panzer06 macrumors 68030


    Sep 23, 2006
    Good grief now we have to have security for our fingerprints.

    So not worth the hassle. Just use the feature. The whole purpose is to keep the casual thief, relative or other snoop from easily accessing the phone. Use as many prints as you want so it's convenient for you to use it. Unless you have national security secrets on the thing all this focus on security is crazy.

    I use the Touch ID exclusively wherever possible. It's simple, easy to use and saves entering the passcode 100 times a day.

  5. 840quadra thread starter Moderator


    Staff Member

    Feb 1, 2005
    Twin Cities Minnesota
    Those Panamanian captors will have their work cut out for them, I don't use anything close to a simple passcode :D .

    What hassle? I touch my finger to my phone, and it unlocks. I just put a little more thought into how I use it than the average person.

    Perhaps I take security a little more seriously than the average MacRumors user, which is 100% fine by me. ;)
  6. kas23 macrumors 603


    Oct 28, 2007
    Remove the tin foil hat and just enjoy your phone. If it's really causing you this much concern you should probably disable TouchID.
  7. Consultant macrumors G5


    Jun 27, 2007
    Good tips.

    FYI by default iPhone takes incremental time to enter passwords after each wrong attempt, so even a 4 digit passcode is much more secure than other platforms. Yes, a strong password is better, preferably text ones that are harder to get spied on.

    A certain other platform allows brute force attack by default:

    Exactly. Only applies to those who lock away their wallet, lest their credit cards get copied.
  8. vannibombonato macrumors 6502

    Jun 14, 2007
    You shouldn't be using a phone, you should only communicate verbally in a bug-swiped safe-room after the person you're talking to has signed an Apple-like NDA.
    They're listening.
  9. KhunJay macrumors 6502


    Sep 16, 2013
    I use my 5S without the touch ID activated. Dont mind keying in the passcode.

    It was not a huge imposition to begin with. Technology will not make me lazy...hehe.
  10. cambookpro macrumors 603


    Feb 3, 2010
    United Kingdom
    Doing all these steps would actually make Touch ID less convenient...

    I don't know why people think thieves are out to get into your iPhone and pry on your Angry Birds score. I'm sorry, but nobody's really that special with regards to their data :p

    99.999999% of thieves will want to wipe the device and sell it ASAP. Touch ID just stops the casual person who wants to snoop around/the thief who can't be bothered to steal a phone with a passcode/Touch ID.

    If the right person put their mind to it, almost and security measure can be 'hacked'. Nothing's foolproof.

    I'm not saying don't take protecting your data seriously, just if you're taking steps to only use the edge of your fingerprint and buying a case to not leave fingerprints on your phone, disable Touch ID and set a 20-character passcode. Problem solved.
  11. KhunJay macrumors 6502


    Sep 16, 2013
    I have never had anyone (or lets say caught anyone) snooping around my phone...so touch id doesn't make me feel safer in that respect.

    As to it being a deterrent for thieves, I think the thief will steal it first and only inspect it once he has got to a safe place. So while it might prevent him from getting into your (often uninteresting data), he is not going to return the phone saying sorry i took it, didnt know you had the touch id on.

    So that leaves the advantage of using it to pay for itunes purchases as of now. Well, I can enter my password easily enough so still not compelling enough. Maybe they will invent some cooler uses further down the line. Then I will re-evaluate.
  12. steve-p macrumors 68000


    Oct 14, 2008
    Newbury, UK
    I think the vast majority of people may as well just get on and use TouchId without obsessing to the nth degree over how to make it impossible to defeat. I mean, unless you're a terrorist, spy, paedophile, criminal, or cheating husband/wife, no one really cares what's on your iPhone. In any case, it's a whole lot more secure than not even using a passcode, which is what many people were doing before.
  13. ucfgrad93 macrumors P6


    Aug 17, 2007
    Seems like overkill to me OP, but if it works for you then that is all that matters.
  14. deraj090 macrumors regular

    Feb 18, 2010
    touch ID worked great for me for the first few days -- and now I find I read "try again" on my phone more than anything else. Has this happened to anyone? It has gotten to the point where I don't even bother using it anymore, because typing in my passcode (which is 1-2-5-3, by the way. see how useless that information is for you?) is far easier.

  15. antiprotest macrumors 65816


    Apr 19, 2010
    It is self-punishment without sufficient cause. But if OP's psychological makeup somehow needs it, even if his data is not worth it, it's up to him.
  16. 840quadra thread starter Moderator


    Staff Member

    Feb 1, 2005
    Twin Cities Minnesota
    First off, I am actually not as paranoid as this post may portray me as being. That said, there are some simple "LifeHackerish™" things we can all do in our lives to make ourselves a little less vulnerable, without really making daily life anymore difficult.

    I like my hat! ;)

    I can pull my phone out, and unlock it just as fast as you can ;) . So no it's not less convenient at all.

    Angry birds was so 2009 ;) .

    I don't think that people are out to get me, if that's what you are implying.

    That said, it may not be the case for you, but many people (in the here and now) use their phones for much more than basic entertainment. Phones having access to an Email Account associated with iTunes, Apple Store, bank accounts, etc, is not uncommon.

    Google and read up on the topic of "bait phones". You will learn that selling the phone is increasingly becoming a secondary reason for theft.

    Agreed 100%
    But it doesn't mean we should make it any easier.

    I actually run my phone mostly without a case as I stated above ;) . Additionally, Programming and using the edge of your finger takes no longer, and is no more difficult than programming in the middle of your thumb, or any other finger.
  17. NikFinn macrumors 6502a


    Jun 22, 2009
    I find it very hard to believe you can unlock your phone using the outside of your pinky finger, quicker than the average user.

    If you're this worried about security, touch ID isn't for you.
  18. deraj090 macrumors regular

    Feb 18, 2010
    The more I see the brown leather case, the more I'm digging it.
  19. 840quadra thread starter Moderator


    Staff Member

    Feb 1, 2005
    Twin Cities Minnesota
    Not sure why my pressing the home button, leaving that finger in contact with the sensor would take any longer than, say, anyone else's 5S. ;) .

    Also, there is a difference between taking something seriously, and being paranoid.

    I only wear my latex gloves when I use other people's phones :p (Clearly intended as a joke)
  20. NikFinn macrumors 6502a


    Jun 22, 2009
    I only say it will take longer because you're using an uncommon finger (which appears to be your pinky in the picture).

    The primary place I (and I would assume a large portion of people) keep their phone is in their pocket. It's very easy for me to pull the phone out with my right hand, press on the home button with my thumb and leave it there to activate the touch ID. By the time the phone is perpendicular to me, the screen is unlocked and ready to be used. If you use your pinky, you need to at least use both hands. (One to pull out the phone, the other to unlock).

    I see you're taking the security seriously. For me, I just want something that's just as fast as not using a password (slide to unlock) but at least a little more secure to thwart unintelligent thieves from taking my phone.
  21. Carlanga macrumors 604


    Nov 5, 2009
    I don't fell the thread title is good for this.

    Going by it I could say: look no fingerprints at all makes it more secure
    Or put alphanumericals instead of 4 # and use no fingers or one or two or all five. Or use your nose. Or wipe button after each unlock.

    Whatever. I don't see the point if the thread of "more secure use."

    Since you are a Mod you won't get people to say too many negative things though.
  22. saldawop macrumors regular

    Sep 1, 2007
    I think, if I get a 5s, I will use my middle toe on my left foot for Touch ID. That way I don't have to worry about anyone dusting my phone for fingerprints.
  23. 840quadra thread starter Moderator


    Staff Member

    Feb 1, 2005
    Twin Cities Minnesota
    I understand what you are saying now. It actually isn't my pinky in the shot, but I do agree with where you are coming from. I guess it can take me longer to access my phone out of pocket in your example. That said, I never really unlocked my phone with one hand before, because I always had a complex password, requiring 2 hands to type in quickly anyway.

    I see where you are coming from. But don't agree. It says "tips for slightly more secure", & this topic is fully open for people to comment that don't agree with my logic, many of them have already posted. ;)
  24. steve-p macrumors 68000


    Oct 14, 2008
    Newbury, UK
    Of course not, that would be a security risk :)

    Whatever works for you, really. Someone may find it useful, and it doesn't hurt to prod people into thinking about security, even if they come to a different conclusion. But I still think the most important aspect of TouchID is that most people probably will use it, whereas many before did not even use a passcode.
  25. localboy28 macrumors 6502a

    Jul 27, 2010
    Unless you have missile launch codes stored on your phone chill out.

    99% of common thief's couldn't take a fingerprint and replicate it to hack into your phone.
    The chances of getting a clean print from your phone are pretty slim too.

Share This Page