Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

jiangning

macrumors member
Original poster
Jan 29, 2010
48
18
Apple pay on apple watch is standalone so the cards don't carry over from your iphone. On iphone, you will need to use touch ID to make a purchase but that doesn't happen on the watch. I suppose there should be extra security measures such as granting a transaction only when the iphone is nearby. However that is not the case as I have successfully brought out apple pay through double click even if no iphone is detected.

So does that mean if the watch is lost then whoever picks it up could use my apple pay, given that they have got around my passcode?

My point is: Apple pay on iphone has double security -- passcode and touch id, but on watch it only counts on passcode, which doesn't seem secure enough for me. Any thoughts? Maybe I've missed something?
 
The phone only needs touch ID. The watch needs the passcode. It will erase after ten mistakes (if you set it). So the difference is touch ID versus passcode.

They are both more secure than a credit card. Lose that and you lose much more...... :cool:
 
What do you mean both passcode and TouchID? I only use TouchID when using Apple Pay on the iPhone, and you can change this to activating Apple Pay with a passcode rather than TouchID on iPhone.

If someone takes it off your wrist, it gets locked so not sure what you mean.
 
Apple pay on apple watch is standalone so the cards don't carry over from your iphone. On iphone, you will need to use touch ID to make a purchase but that doesn't happen on the watch. I suppose there should be extra security measures such as granting a transaction only when the iphone is nearby. However that is not the case as I have successfully brought out apple pay through double click even if no iphone is detected.

So does that mean if the watch is lost then whoever picks it up could use my apple pay, given that they have got around my passcode?

My point is: Apple pay on iphone has double security -- passcode and touch id, but on watch it only counts on passcode, which doesn't seem secure enough for me. Any thoughts? Maybe I've missed something?

You're not really missing anything, other than not trusting your passcode. I don't have an iPhone 6 but I assume that you can use Apple Pay with a passcode as opposed to touch ID so it's the same there.

There is no touch ID sensor on the watch. Also, the watch locks when it's taken off your wrist.

I feel the watch is sufficiently secure for using Apple Pay. It's not like I could potentially leave my watch somewhere. I'm always wearing it.
 
Yeah I do agree it's more secure than the wallet lol. I guess I just don't trust passcode as much as my fingerprints.:p
 
Yeah I do agree it's more secure than the wallet lol. I guess I just don't trust passcode as much as my fingerprints.:p

Yea, but anyone who has your iPhone 6 can use Apple Pay with the passcode. LOL! :) It's the same thing! :). And it would be much easier for them to take your iPhone then your Apple Watch.
 
In addition to the watch locking when you take it off, you can disable apple pay remotely from icloud.com for the watch. Sure, if someone can "get around" your passcode it's insecure, but you can say that for any service. Gmail is insecure because someone could get potentially around my password.
 
Apple watch is on the wrist and iPhone is in the pocket, it's easy to tell which is likely to be stolen or left behind. I'm not worried about the security at all, even if something happens, just contact the bank, it's no big deal.
 
Yea, but anyone who has your iPhone 6 can use Apple Pay with the passcode. LOL! :) It's the same thing! :). And it would be much easier for them to take your iPhone then your Apple Watch.

If the OP that concerned/distrustful of passcode, he should switch to complex passcode. It's more secure than the 1 in 50,000 probability of finding a random matching fingerprint (there's a 1 in 10,000 odds of guessing a simple 4-digit passcode).
 
If the OP that concerned/distrustful of passcode, he should switch to complex passcode. It's more secure than the 1 in 50,000 probability of finding a random matching fingerprint (there's a 1 in 10,000 odds of guessing a simple 4-digit passcode).

Yeah, I think I may do this myself to be honest :).
 
As others have said, if you have touch ID enabled on your phone you have the passcode as an alternative. Touch ID is also less secure than the passcode if someone is trying to get into your phone. Enable the erase on 10 unsuccessful attempts if you're concerned.
 
So does that mean if the watch is lost then whoever picks it up could use my apple pay, given that they have got around my passcode?

Maybe I've missed something?

Unless I'm completely misunderstanding you, ya, you missed a lot.

What do you mean "got around my passcode"? Do you mean guessed your passcode? Because that is what they would have to do to use apply pay once you removed your watch from your wrist. Do you know how many combinations it would take to find your code? Are you using 9999 or 1234? If not, stop worrying. Or just don't use it.
 
Apple pay on apple watch is standalone so the cards don't carry over from your iphone. On iphone, you will need to use touch ID to make a purchase but that doesn't happen on the watch. I suppose there should be extra security measures such as granting a transaction only when the iphone is nearby. However that is not the case as I have successfully brought out apple pay through double click even if no iphone is detected.

So does that mean if the watch is lost then whoever picks it up could use my apple pay, given that they have got around my passcode?

My point is: Apple pay on iphone has double security -- passcode and touch id, but on watch it only counts on passcode, which doesn't seem secure enough for me. Any thoughts? Maybe I've missed something?

Yeah I do agree it's more secure than the wallet lol. I guess I just don't trust passcode as much as my fingerprints.:p

If your watch comes off no one can use ApplePay until it's back on your wrist and unlocked.

----------

Touch ID is also less secure than the passcode if someone is trying to get into your phone.

Based on....what exactly?
 
If the OP that concerned/distrustful of passcode, he should switch to complex passcode. It's more secure than the 1 in 50,000 probability of finding a random matching fingerprint (there's a 1 in 10,000 odds of guessing a simple 4-digit passcode).

I use 5 digit Passcode for 1 in 100,000.
 
Yea, and I'm sure that the everyday criminal is going to do just that. :confused:

I didn't say it was easy to crack, I said it was less secure than the passcode so the OP shouldn't worry about the passcode on the watch vs. touch ID. The touch ID will read a finger print lifted off another object. Again, the average person shouldn't have to worry about this.
 
If someone has your thumb print, they can (somewhat easily) create a latex copy that fools touch ID.

.....


Only if they can also simulate the flow of blood through that latex. Do you happen to have intelligence agencies after you? No normal thief is ever going to be able to pull that off.
 
You don't need blood for Touch ID on iPhone. You just need the latex fingerprint.

https://www.macrumors.com/2013/09/22/chaos-computer-club-bypasses-apples-touch-id-system/

Just the latex fingerprint...created by the following process:

"First, the fingerprint of the enrolled user is photographed with 2400 dpi resolution. The resulting image is then cleaned up, inverted and laser printed with 1200 dpi onto transparent sheet with a thick toner setting. Finally, pink latex milk or white woodglue is smeared into the pattern created by the toner onto the transparent sheet. After it cures, the thin latex sheet is lifted from the sheet, breathed on to make it a tiny bit moist and then placed onto the sensor to unlock the phone."

Keep an eye out for those criminals on the subway carrying around their cameras. Don't forget to stay still once they get your phone off you so they can get a good high res snapshot of your fingertip.

If someone did do this in a real world application I imagine it would be some government agency or corporate espionage level stuff happening, and you'd have bigger things in your life to worry about than them unlocking your phone to use Apple Pay.
 
Just the latex fingerprint...created by the following process:

"First.....to use Apple Pay.


I watched a few videos of how people have done it. You can use silicone, but you also have to put some graphite in the mix to give it capacitance, so it more closely simulates skin.

This is something a 3d printer would be good for (printing the finger print mould, that you would put your silicone/graphite mix into). :)

Anywho, that's just hypothetical.

This thread should just die - the watch is every bit as secure as the iPhone in regards to ApplePay and I do hope future revisions of the watch do have Touch ID. (I'm not afraid of people copying my prints) :)
 
Question to all those who are worried about either their phone or watch being stolen, and their ApplePay hacked (via TouchID being faked or their passcode guessed): Do you carry your credit cards with you in your wallet or purse?

Those are much more easily stolen from you without your noticing, used at a greater number of merchants/POS points, and with absolutely no security measures to stop the burglar.

Put your worries where they belong. Not where they are wasted.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.