Apple Quietly Added New Passcode Requirement for Touch ID

[NightFox]

At last, this explains why my iPhone has seemed to randomly require a passcode to unlock it for no apparent reason at arbitrary times over the last few months - I guess I was hitting the 8hrs/6 days trigger. I just thought it was a glitch, now I know otherwise. I'm honestly surprised this hasn't been identified earlier as it's been affecting me, and presumably many others, for quite a while now.

 

[C DM]

Lol I like this. I don't mind putting in my passcode once a day for this. I shouldn't laugh as this is a touchy subject when we think about it, but it's such a sneaky move by Apple. And it just makes me chuckle when I think about how deflated this must make Coney and company feel.

[doublepost=1463641356][/doublepost]

All the time? It's once a day, MAYBE twice if you never use your phone except for those two times. For a little perspective, the average person unlocks their phone something like 70 times a day. 1/70 is like nothing.

It's not even close to that. Once a week basically, if that.

 

[emm386]

I am actually with Apple on this one.

Not absolutely convincing from a convenience point-of-view, but from any other perspective, i find it is.

... at least for as long as people who are not found guilty yet can be forced to unlock their devices with their fingerprint: A bummer in my personal opinion.

 

[subjonas]

It's not even close to that. Once a week basically, if that.

Well I think the '8 hours without Touch ID' rule will get a lot of people since a lot of people sleep around 7-8 hours.

 

[Someone256]

Apple recently added a new passcode requirement rule for iPhones with Touch ID enabled, according to MacWorld. The new rule requires a user to enter a passcode when an iPhone or iPad has met two conditions: the device has not been unlocked via a passcode for six days and has not been unlocked with Touch ID for the past eight hours.

The previous five passcode requirements are: the device has been turned on or restarted, the device has not been unlocked for 48 hours, the device has received a remote lock command from Find My iPhone, five unsuccessful Touch ID attempts and adding new fingers to Touch ID.

It's unclear why Apple added the restriction and why it chose an eight-hour window, but the rule comes after a judge granted a search warrant forcing a woman to unlock her iPhone with Touch ID. The decision comes as some believe the biometric nature of Touch ID isn't protected by the Fifth Amendment's protection against self-incrimination. Passcodes, however, are considered protected individual privacies.

Article Link: Apple Secretly Adds New Passcode Requirement for Touch ID

That's amazing, Apple definitely knows how to secure their devices.
Now even if a judge orders you to unlock your device with your fingerprint until you actually unlock it the phone will already be locked by a passcode and you'll be 100% safe again (assuming you have the "erase phone" option enabled which you should).

 

[Rychiar]

Apple recently added a new passcode requirement rule for iPhones with Touch ID enabled, according to MacWorld. The new rule requires a user to enter a passcode when an iPhone or iPad has met two conditions: the device has not been unlocked via a passcode for six days and has not been unlocked with Touch ID for the past eight hours.

The previous five passcode requirements are: the device has been turned on or restarted, the device has not been unlocked for 48 hours, the device has received a remote lock command from Find My iPhone, five unsuccessful Touch ID attempts and adding new fingers to Touch ID.

It's unclear why Apple added the restriction and why it chose an eight-hour window, but the rule comes after a judge granted a search warrant forcing a woman to unlock her iPhone with Touch ID. The decision comes as some believe the biometric nature of Touch ID isn't protected by the Fifth Amendment's protection against self-incrimination. Passcodes, however, are considered protected individual privacies.

Article Link: Apple Secretly Adds New Passcode Requirement for Touch ID

I hate this crap. What is the point of touch ID if it doesn't just work? I'm someone who always turns my iPhone off at night. I'm convinced its why i've had so few issues with any iPhone since the original. why should I ever have to enter a passcode when i have touch ID. currency it seems like i have to do it every time i download and app which defeats the purpose of touch ID

 

[C DM]

Well I think the '8 hours without Touch ID' rule will get a lot of people since a lot of people sleep around 7-8 hours.

It's 8 hours after 6 days have passed since the last time the passcode has been used, thus would essentially come up just once a week or so (if at all if someone uses the passcode at some point perior to that).
[doublepost=1463642860][/doublepost]

I hate this crap. What is the point of touch ID if it doesn't just work? I'm someone who always turns my iPhone off at night. I'm convinced its why i've had so few issues with any iPhone since the original. why should I ever have to enter a passcode when i have touch ID. currency it seems like i have to do it every time i download and app which defeats the purpose of touch ID

You can quickly unlock your phone with it aside from the first time after a reboot. Same goes for purchases/downloads after the first time. Hardly defeats the purpose.

 

[Shirasaki]

Interesting; I wonder why they picked 8 hours. Most people sleep around that much, so this means folks will have to enter their password about once a week on average if they don't reboot their phone (most people don't)

This also forces me to sleep less than 8 hrs at night, or I will need to enter passcode after getting up.

 

[subjonas]

It's 8 hours after 6 days have passed since the last time the passcode has been used

Ah you are right. I wonder why they added that 8 hour rule then.

 

[Shirasaki]

What I find super annoying is having to put in my Apple ID password the first time u want to download something in the store. Why isn't TouchID enough? You already had to put in the passcode after the reboot anyway. Are they saying TouchID isn't trustworthy enough to confirm its really you?

Then Apple will store Apple ID password inside security enclave indefinitely, even after reboot.
This is not good.

 

[allanfries]

Speaking of security.
I would like to see the touch ID or passcode required for the turning on of airplane mode, as well as turning the device off. This would be a welcome security feature if the device is stolen. Can't believe its not a feature already.

 

[decx]

Speaking of security.
I would like to see the touch ID or passcode required for the turning on of airplane mode, as well as turning the device off. This would be a welcome security feature if the device is stolen. Can't believe its not a feature already.

Your first point can be accomplished by disabling the ability to access the Control Centre from the lock screen.

 

[gladoscc]

Speaking of security.
I would like to see the touch ID or passcode required for the turning on of airplane mode, as well as turning the device off. This would be a welcome security feature if the device is stolen. Can't believe its not a feature already.

Apple will get into serious trouble with the FAA. The regulations for compliance mandate you must be able to ten the signals off in some way.

Same regulations apply for secure air gap areas.

 

[hirshnoc]

Yeah, it was in there since iOS 9.0. I rarely use my iPad Mini, and I've noticed for several months that it's been asking for my passcode after I leave it sitting around for a few days. So nothing new.

 

[Aetles]

Okay, so Touch ID was meant to be an easier way to unlock the device, but Apple for some unknown reason requires people to use Passcode pretty much all the time... Then why the f*** do we have Touch ID?

It it not "all the time" and the reason is not unknown. It's the balance between strong security and protection of personal integrity on one end and the convenience on the other end. Exactly where to draw the line could be debated, but it's not unclear why.

Touch ID still provides a convenient solution for most people, most of the time.

 

[The-Pro]

So that means after most people wake up in the morning they will have to enter the passcode.

 

[576316]

This isn't going to solve much because the vast majority of people still use a 4 digit passcode. Most don't know that they can make it longer, either 6 digits or alphanumeric. The root problem is that 4 digits is still an option.

I also see a great deal of people that are not making use of TouchID at all. Most of the time the response is "I didn't know I could do that" or "I don't know how to set that up."

I've set mine now to an alphanumeric passcode which is upwards of 10 digits. Use TouchID to get in 95% of the time so it isn't an inconvenience having a very long passcode. Although Apple should make 6 digits at least compulsory, 4 digits is too easy.

 

[apolloa]

Oh that's useful, 8 hours! Way to go to make your ease if use features not easy to use Apple.

I think 12 hours or more is acceptable, not the length of time you sleep.
Just seems like a knee jerk reaction which isn't solving any problem.
Perhaps it would have been better for Apple to let you decide how long the time is, say 8, 10, 12 hours etc, but that's it Apple then.
[doublepost=1463653610][/doublepost]

As someone who considers the possibility that the government will seek out and find something incriminating on my phone almost as likely as being struck by lightening twice in the same day, I find the constant demand to double-unlock it for my own use to be nothing better than an annoying sop to the massively paranoid.

A perfect reply to this news article and feature. Thank you sir. I totally agree.

 

[mateytate]

What would be good is if they had a duress mode similar to an alarm system. i.e. If you're being forced to unlock it you could use a certain finger which it would recognize and automatically wipe the phone, same with a passcode, have a standard password to unlock, and one to wipe. No warning, no chance to back out - you use your left pinky for example to unlock the phone then boom, it's wiped.

 

[Luigi55]

I am still using an iPhone 5, therefore I do not have experience with Touch ID but I have some thought about it.

Apple is trying to protect privacy but it seems also that it is taking away freedom of choice to the users. The security timing should be fully customisable.

I would like to be able to unlock my iPhone with touch ID only, forever, and not having to input every 8 hours a long alphanumeric code etc. etc. This protection is enough for me. Maybe other peoples wants to have the option to get the passcode requested every two hours, fine. When a new iPhone is set up the first time, the user should have a screen where he/she can choose the preferred options.

 

[b0nd18t]

"It's unclear why Apple added the restriction..."

Search "encryption" and "FBI" and "iPhone" to answer your question.

 

[GlenK]

This should be configurable.

Agree completely!! I'm retired and my iPhone is at extremely low risk in the security department. Should be able to set these up for individual needs. I had noticed more requiring of pass code but hadn't connected the dots!!
Brain must be slowing down too!!

 

[2457282]

It is ironic to me that at the initial launch of TouchID, it was meant to be a more secure way to look access to your phone - way more secure than a 4 digit passcode. My how times have changed. It would be even more amazing when a future feature of an iPhone is the removal of TouchID.

 

[Kkspire]

This isn't going to solve much because the vast majority of people still use a 4 digit passcode. Most don't know that they can make it longer, either 6 digits or alphanumeric. The root problem is that 4 digits is still an option.

I also see a great deal of people that are not making use of TouchID at all. Most of the time the response is "I didn't know I could do that" or "I don't know how to set that up."

The people that use 4 digit passcode usully have nothing to hide and are not concerned with security so does it really matter

 

[Porco]

The existing 48-hour thing rarely seems to bear any relationship to real time for me.

Also, this right to private password thing is nice if you're in the US, but in the UK (for example) you could be sent to jail for refusing to reveal a password, so I'm not sure how I'd feel about Apple using US law to base their passcode requirements for everyone globally... (if that is what they are doing).

It could just be tightening security generally of course, but the danger is people start using much easier, shorter passcodes in response to the frequency they have to use them.

As usual, giving users the options to configure their devices the way that works for them is the best plan, IMHO. But the ability to secure the phone well is important for a whole range of reasons, in a whole range of disparate circumstances.