I kinda understand it not being put into full use in iOS7, but now we're a year on, into iOS 8, and there are still loads of parts of the OS that require typing in the passcode. Why not just enabled TouchID everywhere a passcode is needed?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Why isn't TouchID enabled all through iOS?
- Thread starter MoodyM
- Start date
- Sort by reaction score
Yeah, I'm talking about within the OS - things like viewing Safari passwords in the keychain, updating the OS, resetting the phone, etc.
On that note, it's absolutely ridiculous that you don't have to at least enter your iCloud password before viewing all of the stored passwords in plain text.
No, you don't? If you don't have TouchID or passcode enabled, you can just look at all the passwords in Settings without authenticating at any point.
Yeah. I understand that by not enabling these things, I am shouldering a certain amount of risk and even if they were protected, an thief could just use Safari and log in. But there's something a bit different about easily displaying a convenient list of all my passwords.
Safari can store passwords without the phone even being logged in to iCloud, so it would make little sense to tie this to the iCloud password. If anything, there could be a setting under "Restrictions". But even then it would not be secure, since you don't get data protection (i.e. secure memory encryption) without a passcode, so the Safari passwords could be easily extracted even if you could not view them in the settings.
Bottomline is: Don't store sensitive information on a device without setting a passcode.
Thanks for lecture. I am aware that not using a passcode is my own foolish choice. But certainly there is a halfway point between locking the whole device all the time and allowing quick and easy access to a list of all my passwords.
Apple forces me to use a password on my Mac if I want to allow Safari to override sites that don't usually allow the saving of passwords (though it syncs those passwords back to all devices passcoded or not), so certainly they could force a passcode, Touch ID, or iCloud authentication before allowing Safari to store or show passwords.
Even if choose to physically hand someone my device unlocked, would it not be prudent to reauthenticate before showing a plain text list of all passwords? I mean, they can't even download a free app without doing that. Many password managers require this as well, even if you're already logged in.
On my 5s, iOS 8.0, when going to Settings>Safari>Passwords>Saved Passwords, it asks me for my passcode before showing me the passwords.
Still, I agree it's silly for core iOS apps such as Settings to still ask for a passcode/password - Touch ID should be sufficient. Another example would be iCloud settings (new to iOS 8) - you have to type your iCloud password. Why not just use Touch ID?
Still, I agree it's silly for core iOS apps such as Settings to still ask for a passcode/password - Touch ID should be sufficient. Another example would be iCloud settings (new to iOS 8) - you have to type your iCloud password. Why not just use Touch ID?
