Why isn't TouchID enabled all through iOS?

MoodyM

macrumors 6502a
Original poster
Aug 14, 2008
776
24
I kinda understand it not being put into full use in iOS7, but now we're a year on, into iOS 8, and there are still loads of parts of the OS that require typing in the passcode. Why not just enable TouchID everywhere a passcode is needed?
 

Lax1085

macrumors member
Jun 22, 2010
48
8
Because Apple just gave developers an API to implement this. It's up to them whether they want to or not.


edit: never mind thought you meant across all apps.
 

MoodyM

macrumors 6502a
Original poster
Aug 14, 2008
776
24
Because Apple just gave developers an API to implement this. It's up to them whether they want to or not.


edit: never mind thought you meant across all apps.
Yeah, I'm talking about within the OS - things like viewing Safari passwords in the keychain, updating the OS, resetting the phone, etc.
 

fivedots

macrumors 6502a
Jun 29, 2011
695
3
Yeah, I'm talking about within the OS - things like viewing Safari passwords in the keychain, updating the OS, resetting the phone, etc.
On that note, it's absolutely ridiculous that you don't have to at least enter your iCloud password before viewing all of the stored passwords in plain text.
 

MoodyM

macrumors 6502a
Original poster
Aug 14, 2008
776
24
No, you don't? If you don't have TouchID or passcode enabled, you can just look at all the passwords in Settings without authenticating at any point.
Oh right, I never knew that, I've always had a code/TouchID enabled.
 

fivedots

macrumors 6502a
Jun 29, 2011
695
3
Oh right, I never knew that, I've always had a code/TouchID enabled.
Yeah. I understand that by not enabling these things, I am shouldering a certain amount of risk and even if they were protected, a thief could just use Safari and log in. But there's something a bit different about easily displaying a convenient list of all my passwords.
 

MoodyM

macrumors 6502a
Original poster
Aug 14, 2008
776
24
I just don't get why it's not implemented system-wide by Apple.
 

Rigby

macrumors 603
Aug 5, 2008
5,150
4,921
San Jose, CA
On that note, it's absolutely ridiculous that you don't have to at least enter your iCloud password before viewing all of the stored passwords in plain text.
Safari can store passwords without the phone even being logged in to iCloud, so it would make little sense to tie this to the iCloud password. If anything, there could be a setting under "Restrictions". But even then it would not be secure, since you don't get data protection (i.e. secure memory encryption) without a passcode, so the Safari passwords could be easily extracted even if you could not view them in the settings.

Bottom line is: Don't store sensitive information on a device without setting a passcode.
 

fivedots

macrumors 6502a
Jun 29, 2011
695
3
Safari can store passwords without the phone even being logged in to iCloud, so it would make little sense to tie this to the iCloud password. If anything, there could be a setting under "Restrictions". But even then it would not be secure, since you don't get data protection (i.e. secure memory encryption) without a passcode, so the Safari passwords could be easily extracted even if you could not view them in the settings.

Bottom line is: Don't store sensitive information on a device without setting a passcode.
Thanks for the lecture. I am aware that not using a passcode is my own foolish choice. But certainly there is a halfway point between locking the whole device all the time and allowing quick and easy access to a list of all my passwords.

Apple forces me to use a password on my Mac if I want to allow Safari to override sites that don't usually allow the saving of passwords (though it syncs those passwords back to all devices passcoded or not), so certainly they could force a passcode, Touch ID, or iCloud authentication before allowing Safari to store or show passwords.

Even if I choose to physically hand someone my device unlocked, would it not be prudent to reauthenticate before showing a plain text list of all passwords? I mean, they can't even download a free app without doing that. Many password managers require this as well, even if you're already logged in.
 

KoolAid-Drink

macrumors 65816
Sep 18, 2013
1,422
404
USA
On my 5s, iOS 8.0, when going to Settings>Safari>Passwords>Saved Passwords, it asks me for my passcode before showing me the passwords.

Still, I agree it's silly for core iOS apps such as Settings to still ask for a passcode/password - Touch ID should be sufficient. Another example would be iCloud settings (new to iOS 8) - you have to type your iCloud password. Why not just use Touch ID?
 

JWorld127

macrumors 6502
Jan 12, 2013
326
24
When will Apple finally let us choose which apps require password or fingerprint to access? I understand opening the phone from lockscreen but what about for messages, emails and photos???
 