Since you generally have to hold your phone to use it, I cannot imagine what could possibly be quicker and easier than an ultra-fast and reliable fingerprint scanner like Touch ID.
Presumably, you're holding your phone regardless. I think infrared iris scanners can add a slight bit of inconvenience compared to a fingerprint scanner; on the other hand, as far as biometrics go, it's certainly a heck of a lot more secure. Not that that's saying much, of course. Future versions will likely improve distance and viewing angles to a degree.
So you can choose between secure Iris scanning which is slow as ****, unreliable and requires you to hold your phone in an awkward angle to your face and fast Face Recognition, which is as secure as a 2 digit passcode.
Cool.
The iris scanners on the Note 7 were surprisingly fast in everday usage while I had one (twice). Before the, uh, you know. Generally speaking, you'd unlock pretty much immediately when you pulled it up to use. I didn't really need to use any awkward angles in general use, but it's entirely possible I adapted and never noticed during my testing phase.
On its own, biometric identification has always been a horribly flawed idea despite its perceived convenience for consumers. There are the usual questions of privacy and government databases, which always get raised. And the ease of court's ability to compel you to unlock your phone with a fingerprint, compared to compelling passwords (
though that might change). Setting those questions aside, your biometric data is--by definition--not secure. It can be slightly hard to get (not by much--lifting a fingerprint, getting a usable photo of a person's face, etc. just involves a bit of work), but your biometric data is
always and
permanently exposed. There are plenty of ways to circumvent fingerprint scanners. Heck, a researcher
reconstructed the German defense minister's fingerprint based on a photo (video is in German, no captions unfortunately). The original article is just one of many examples of facial recognition being tricked. An infrared iris scanner might be harder to trick, but that's not the same as being impossible. All of which assumes that there aren't other bugs that can be leveraged to gain access to a device.
Fingerprint scanners are now ridiculously fast compared to their original iterations. I tested it out when my LG V20, and it was pretty much immediate. Being situated on the power button on the back, it made it so the phone unlocked pretty much the moment it's touched to turn the screen on. Very, very convenient. But very insecure, which is why I won't use it. And I know I'm not alone on that front. Which made Apple's adding Touch ID to the MBP, and touting its value for unlocking your Mac, kind of horrifying.
What really surprises me is that device manufacturers haven't given users the option of enabling multiple authentication options in an effort to at least compensate to a degree. You have the various biometric ID options, passcodes, trusted bluetooth devices and locations, etc. Allowing you to enable multiple options surely wouldn't hurt anything: iris scans alongside facial recognition or fingerprints, requiring a passcode (possibly shortened) in addition to another option, etc. Trusted device *not* connected? Require an additional element, such as a passcode. You can enable both, and use either one, but not both.
None of that makes it less insecure to a dedicated attacker, but it would add an additional hurdle or two. For users who value convenience over even basic security, it wouldn't actually affect anything for them. Anyhow, sorry for running off on a slight tangent.
