Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
He might have been joking, but my first thought was of college dorm mates. Oh man did we use to play tricks on sleeping people. heh heh

If TouchId had been around back then, there's not a doubt in the world that we would have tried using it on some poor sucker :D



It is hardly slim to none. Plenty of YouTube videos show people spoofing TouchID on their first attempt with a print they made from easily obtainable materials.

Just because the methods seem difficult to you, does not make it seem difficult to those of us with circuit board or modeling experience. Or anyone with the ability to follow instructions.

While it's possible those YouTube videos do show actual spoofing... Overall, they're click-bait, and have to be taken with a grain of salt. The comment about circuit board or modeling experience holds true for video production as well.

One of the first rules of slight-of-hand and con games... people see what you tell them they're seeing.
 
It improves with time.

Perhaps your finger was dirty when you set it up initially?

If you always use the same finger (or two) set the same finger up as separate fingers in the TouchID settings. This helps from my experience.

Thanks for that suggestion. I'll try it in a week when my new (first) smartphone arrives. Probably won't bother with the tablet.
 
  • Like
Reactions: willmtaylor
While it's possible those YouTube videos do show actual spoofing... Overall, they're click-bait, and have to be taken with a grain of salt.

You can't seriously be claiming that. If you are, then you will have lost all credibility on the topic.

The basic technique has been known since the turn of the century.

Anyone who can follow instructions can do it.
 
You can't seriously be claiming that. If you are, then you will have lost all credibility on the topic.

The basic technique has been known since the turn of the century.

Anyone who can follow instructions can do it.

I lose credibility because I point out that not everything on YouTube may be as it appears to be? Incredible!

Read my post again. I did not deny that it is possible to spoof fingerprints. I simply challenged the notion that the existence of YouTube videos can be used as proof. Filmmakers have been faking stuff since before the turn of the 20th Century. You can't be sure whether someone is producing a documentary, or putting on a show.

Try this recent example: https://www.macrumors.com/2016/03/07/video-iphone-passcode-glitch-is-false/

Now, before you start jumping up and down, shouting, "This isn't about spoofing fingerprints!" The point, again, is about the trustworthiness of YouTube videos. If you believe they're all honest, then back at you when it comes to credibility.

You want to produce better proof than YouTube? Cite articles like this, instead: https://www.macrumors.com/2013/09/24/touch-id-bypass-detailed-average-consumer-shouldnt-worry/
 
  • Like
Reactions: willmtaylor
I lose credibility because I point out that not everything on YouTube may be as it appears to be? Incredible!

No sir, you will lose credibility if you use that to insinuate that TouchID cannot be spoofed. It can. Period. If that's not what you meant, then we're in agreement.

You want to produce better proof than YouTube? Cite articles like this, instead: https://www.macrumors.com/2013/09/24/touch-id-bypass-detailed-average-consumer-shouldnt-worry/

That's proof that it was spoofed.

I think what you two gentlemen might be trying to say, is that it's not going to be a common occurrence. If so, I agree.
 
No sir, you will lose credibility if you use that to insinuate that TouchID cannot be spoofed. It can. Period. If that's not what you meant, then we're in agreement.



That's proof that it was spoofed.

I think what you two gentlemen might be trying to say, is that it's not going to be a common occurrence. If so, I agree.
Does anyone else think my posts insinuate that TouchID cannot be spoofed?

I'm beginning to lose faith in the reading comprehension of the public.
 
1. How secure is touch ID?

2. Do you use it or use a text or swipe password? Why do you use what you use?

Thanks for answering! :)

Very secure. Perhaps the most secure option available to consumers to lock down their personal data and use their credit cards. Why do I feel this way? To my knowledge no one has ever hacked it (other than one rather elaborate and difficult fingerprint lifting technique that got publicized right after the original release of TouchID using the first-gen sensor). If someone had, I believe it would be plastered all over the news today. Second, Apple has baked security deep into the hardware. It's not just the fingerprint sensor - it's the secure enclave and the way it all comes together. Security experts praise it. My phone is loaded with my personal data and three of my credit cards, and locked down with an alphanumeric password and my fingerprint. I'm completely comfortable with it. I can't say that about the physical cards in my wallet, even with the new computer chip in them.

Pretty secure for general use. The only thing I would be worried about is a snooping partner (gf/bf/wife/husband) who uses your thumb while you are asleep.

When my 7 year old wants to play on my phone, she grabs it, comes over to me, grabs my thumb, and places it on the sensor. She's pretty sly about it.
[doublepost=1458850421][/doublepost]
Sigh. No, it doesn't. If it were the only means of authenticating access to your phone? Then yes it would be. But its not. It is just a brilliant, speedy, and convenient way of bypassing your own Passcode. It is a genius feature, but at no point should people labor under the delusion that Touch ID = security, until the day a Passcode is not required.

Yes setting up a good passcode is critical, but TouchID enables people to utilize a very secure password without the inconvenience normally associated with it. I've got a complex alphanumeric passcode, but rarely need to enter it. My thumb unlocks the phone in a millisecond. And all my other passwords are stored in Lasspass which is locked behind TouchID. With that system in place, I'm able to utilize much more secure passcodes across the board.
 
TouchID enables people to utilize a very secure password without the inconvenience normally associated with it.

It encourages it. But unfortunately that passcode has to be entered fairly frequently. I'm sure most people are still using 4 digit passcodes.
 
To my knowledge no one has ever hacked it (other than one rather elaborate and difficult fingerprint lifting technique that got publicized right after the original release of TouchID using the first-gen sensor). If someone had, I believe it would be plastered all over the news today.

Plenty of people have reproduced the same spoof method, and come up with variations of making the prints, as well as how to obtain them (such as using photos taken from ten feet away).

Heck, it's been done so many times that it's no longer news, which is why you don't hear much about it any more. (Except when a new iPhone model comes out and someone reports that, yes, spoofing still works. E.g. Why I hacked TouchID again and still think it's awesome.)

Yes setting up a good passcode is critical, but TouchID enables people to utilize a very secure password without the inconvenience normally associated with it.

Yep, that's exactly its purpose. To allow people to set a secure password, but get past it conveniently, in a way that is semi-secure... as long as no one is actually targeting you. Or as along as nobody is there to order you to unlock your phone, such as police can constitutionally do via TouchID (but not via passcode).

It's a great and handy feature. But it is not "the most secure option" to lock down your phone. Setting a good passcode and turning OFF TouchId is. It'd be even better if Apple would allow us to set an option to require BOTH a finger AND a passcode/PIN.
 
If I don't commit a crime, I don't need to worry about this. If I commit a crime, I've made some stupid decisions. If I've made stupid decisions, I've got no one to blame but myself.
If I'm arrested and I'm innocent, I would want information to come out right away.

Hopefully, when you are arrested, you'll have time to power down your phone. TouchID will not unlock a phone that has been turned on.
 
... It'd be even better if Apple would allow us to set an option to require BOTH a finger AND a passcode/PIN.

That would only be acceptable if fingerprint recognition had a better success rate. If they required both, and then it failed to recognize your fingerprint, you'd be locked out of your own phone. My iPad has such a poor recognition rate, and I had to resort to the passcode so often, that I quit using fingerprint ID. With your system, I'd be locked out of my iPad twice a day and have to resort to whatever complicated recovery method is available.
 
That would only be acceptable if fingerprint recognition had a better success rate. If they required both, and then it failed to recognize your fingerprint, you'd be locked out of your own phone.

Good point and I should've been clearer: two factor convenient authentication could be your finger and a short PIN. This gets rid of easy police access, and is much more secure than either method alone.

Your long passcode could still be used by itself in case your finger doesn't work.
 
Plenty of people have reproduced the same spoof method, and come up with variations of making the prints, as well as how to obtain them (such as using photos taken from ten feet away).

Heck, it's been done so many times that it's no longer news, which is why you don't hear much about it any more. (Except when a new iPhone model comes out and someone reports that, yes, spoofing still works. E.g. Why I hacked TouchID again and still think it's awesome.)



Yep, that's exactly its purpose. To allow people to set a secure password, but get past it conveniently, in a way that is semi-secure... as long as no one is actually targeting you. Or as along as nobody is there to order you to unlock your phone, such as police can constitutionally do via TouchID (but not via passcode).

It's a great and handy feature. But it is not "the most secure option" to lock down your phone. Setting a good passcode and turning OFF TouchId is. It'd be even better if Apple would allow us to set an option to require BOTH a finger AND a passcode/PIN.

From your article:
THE SKY IS FALLING!!!

"Just like its predecessor — the iPhone 5s — the iPhone 6’s TouchID sensor can be hacked. However, the sky isnt falling. The attack requires skill, patience, and a really good copy of someone’s fingerprint — any old smudge won’t work. Furthermore, the process to turn that print into a useable copy is sufficiently complex that it’s highly unlikely to be a threat for anything other than a targeted attack by a sophisticated individual. I’ll reiterate my analogy from my last blog on TouchID: We use locks on our doors to keep criminals out not because they are perfect, but because they are both convenient and effective enough to meet most traditional threats.

The fact that Apple has tweaked the TouchID sensor a little bit means that they are working to improve things, even if those changes are primarily focused on making it easier to use. As it stands, TouchID remains an effective security control that is more than adequate for its primary purpose: unlocking your phone."

Ok...so maybe it isn't falling after all. :rolleyes:
 
  • Like
Reactions: redman042
Nobody said it was. That's why I posted that link to an article saying it wouldn't normally be a problem.

You're mixing up whether or not it can be spoofed, with whether it's worth worrying over. My posts were responses to those who mistakenly believed it cannot be spoofed.
Fair enough.

That being said though, you also became quite defensive with all of my posts when it was clear from the beginning that I was talking about relative real-world risks.
 
That is not the least bit true, nor what I'm saying. The Passcode is ALWAYS available as the PRIMARY method of entry.

Touch ID is not security.
Touch ID by design REQUIRES the security! You can't use Touch ID without an accompanied passcode. As I said previously many people didn't use passcodes because they wanted quick access into their phones. Touch ID (when enabled) absolutely provides passcode security.

Therefore, Touch ID is only as secure as the passcode you use when turning on Touch ID.

Touch ID is an Apple feature. It requires BOTH a finger print AND a passcode.

You're getting hung up on the fingerprint aspect of Touch ID only.

I promise you if you enable Touch ID, a thief will have to crack the security parameters you set when you turned it on. As such, Touch ID is security.
 
I know TouchID isn't 100% foolproof, but it still seems to be much better than just about any other alternative. If criminals were routinely breaking into iPhones, we'd certainly be hearing about it in the news.
 
  • Like
Reactions: ABC5S
Nothing is ever 100% secure. The point is to make it hard enough to break in that the criminals will go after someone else instead. :eek:
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.