HT204587: About Touch ID security on iPhone and iPad
Learn about About Touch ID security on iPhone and iPad
-
All replies
-
Helpful answers
-
Jan 9, 2016 6:42 AM in response to jmillernjby sberman,★HelpfulNo.
See the "Secure Enclave" section of the article you attached above.
-
Jan 9, 2016 6:53 AM in response to sbermanby jmillernj,★HelpfulThanks for the response. However, unless the encryption key is dynamic and changes each time the fingerprint is used, it won't be secure. So, is the fingerprint encoded differently on each use?
-
Jan 9, 2016 7:26 AM in response to jmillernjby Michael Black,I don't think you've read and understand how the fingerprint sensor actually works. The fingerprint sensor communicates with the encryption chip and firmware in the device only. It never transmits anything anywhere.
When using the finger print sensor with 3rd party apps, all the finger print sensor does is act as a device proxy to release and use your passcode stored in the encrypted data with the app or service. It saves you having to type your passcode in the app or service login, but the fingerprint itself is only used locally on the device to authenticate the user for permission to use the security settings of the app.
So your fingerprint data is NOT what is ultimately authenticating with the app or service. That part is still handled by whatever password or token the app or system normally uses. All your fingerprint does is authenticate you with the device to release the app or service to continue and authenticate its connection. The fingerprint functions as a local device security proxy for those apps and services - it does not replace their original security method or model.
-
Jan 10, 2016 1:13 PM in response to Michael Blackby jmillernj,Michael
Thanks for the explanation. However, I think the question I was really trying to ask is "am I any more secure on a public wifi with the fingerprint vs just typing in a password". I think the answer is NO - that both methods leave me more exposed to getting hacked as compared to logging in from my private wifi w/WPA2.
-
Jan 10, 2016 1:45 PM in response to jmillernjby Michael Black,jmillernj wrote:
Michael
Thanks for the explanation. However, I think the question I was really trying to ask is "am I any more secure on a public wifi with the fingerprint vs just typing in a password". I think the answer is NO - that both methods leave me more exposed to getting hacked as compared to logging in from my private wifi w/WPA2.
Well, sure, any public wifi will typically be less secure than your own personal and locked down and secured wifi node that you yourself have physical control over.
-
Jan 10, 2016 2:01 PM in response to jmillernjby Lawrence Finch,jmillernj wrote:
Michael
Thanks for the explanation. However, I think the question I was really trying to ask is "am I any more secure on a public wifi with the fingerprint vs just typing in a password". I think the answer is NO - that both methods leave me more exposed to getting hacked as compared to logging in from my private wifi w/WPA2.
If log in to a TLS protected web site (https://) your access will be secure, even over an open network. Apple requires all apps that access Internet services to use TLS encryption, so apps that use either passwords or fingerprints to unlock the app will also be secure. Thus, neither method leaves you exposed to getting hacked.