Why isn't TouchID enabled all through iOS?

Discussion in 'iOS 8' started by MoodyM, Sep 24, 2014.

  1. MoodyM macrumors 6502a

    MoodyM

    Joined:
    Aug 14, 2008
    #1
    I kinda understand it not being put into full use in iOS7, but now we're a year on, into iOS 8, and there are still loads of parts of the OS that require typing in the passcode. Why not just enabled TouchID everywhere a passcode is needed?
     
  2. Lax1085 macrumors member

    Joined:
    Jun 22, 2010
    #2
    because Apple just gave developers an API to implement this. Its up to them whether they want to or not.


    edit: never mind thought you meant across all apps.
     
  3. MoodyM thread starter macrumors 6502a

    MoodyM

    Joined:
    Aug 14, 2008
    #3
    Yeah, I'm talking about within the OS - things like viewing Safari passwords in the keychain, updating the OS, resetting the phone, etc.
     
  4. fivedots macrumors 6502a

    Joined:
    Jun 29, 2011
    #4
    On that note, it's absolutely ridiculous that you don't have to at least enter your iCloud password before viewing all of the stored passwords in plain text.
     
  5. MoodyM thread starter macrumors 6502a

    MoodyM

    Joined:
    Aug 14, 2008
    #5
    Erm, you do?
     
  6. fivedots macrumors 6502a

    Joined:
    Jun 29, 2011
    #6
    No, you don't? If you don't have TouchID or passcode enabled, you can just look at all the passwords in Settings without authenticating at any point.
     
  7. MoodyM thread starter macrumors 6502a

    MoodyM

    Joined:
    Aug 14, 2008
    #7
    Oh right, I never knew that, I've always had a code/TouchID enabled.
     
  8. fivedots macrumors 6502a

    Joined:
    Jun 29, 2011
    #8
    Yeah. I understand that by not enabling these things, I am shouldering a certain amount of risk and even if they were protected, an thief could just use Safari and log in. But there's something a bit different about easily displaying a convenient list of all my passwords.
     
  9. MoodyM thread starter macrumors 6502a

    MoodyM

    Joined:
    Aug 14, 2008
    #9
    I just don't get why it's not implemented system-wide by Apple.
     
  10. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #10
    Safari can store passwords without the phone even being logged in to iCloud, so it would make little sense to tie this to the iCloud password. If anything, there could be a setting under "Restrictions". But even then it would not be secure, since you don't get data protection (i.e. secure memory encryption) without a passcode, so the Safari passwords could be easily extracted even if you could not view them in the settings.

    Bottomline is: Don't store sensitive information on a device without setting a passcode.
     
  11. fivedots macrumors 6502a

    Joined:
    Jun 29, 2011
    #11
    Thanks for lecture. I am aware that not using a passcode is my own foolish choice. But certainly there is a halfway point between locking the whole device all the time and allowing quick and easy access to a list of all my passwords.

    Apple forces me to use a password on my Mac if I want to allow Safari to override sites that don't usually allow the saving of passwords (though it syncs those passwords back to all devices passcoded or not), so certainly they could force a passcode, Touch ID, or iCloud authentication before allowing Safari to store or show passwords.

    Even if choose to physically hand someone my device unlocked, would it not be prudent to reauthenticate before showing a plain text list of all passwords? I mean, they can't even download a free app without doing that. Many password managers require this as well, even if you're already logged in.
     
  12. KoolAid-Drink macrumors 65816

    Joined:
    Sep 18, 2013
    Location:
    California
    #12
    On my 5s, iOS 8.0, when going to Settings>Safari>Passwords>Saved Passwords, it asks me for my passcode before showing me the passwords.

    Still, I agree it's silly for core iOS apps such as Settings to still ask for a passcode/password - Touch ID should be sufficient. Another example would be iCloud settings (new to iOS 8) - you have to type your iCloud password. Why not just use Touch ID?
     
  13. JWorld127 macrumors 6502

    JWorld127

    Joined:
    Jan 12, 2013
    #13
    When will Apple finally let us choose which app require password or fingerprint to access? I understand opening the phone from lockscreen but what about for messages, emails and photos???
     

Share This Page