Game Dude

Q: Is the finger print sensor secure?  The phone ask for my PIN constantly. I know on Windows computers with finger print scanners I am not asked for my password.

Will an update come out which fixes the iPhone?  I would like to know that my data is secure. 

iPhone 6s Plus, iOS 9.1

Posted on Oct 31, 2015 10:52 AM

Close

Q: Is the finger print sensor secure?  The phone ask for my PIN constantly. I know on Windows computers with finger print scanne ... more

  • All replies
  • Helpful answers

Page 1 Next
  • by Briansyddall,

    Briansyddall Briansyddall Oct 31, 2015 11:10 AM in response to Game Dude
    Level 6 (8,854 points)
    Apple Watch
    Oct 31, 2015 11:10 AM in response to Game Dude

    Hi

    Iphone / ipad finger print sener works very well if you have a problem

    Just delete  and add prints back again .

    Passcode always  needed when you first turn on each day .

    Cheers

    Brian ( UK )

  • by Meg St._Clair,

    Meg St._Clair Meg St._Clair Oct 31, 2015 11:23 AM in response to Game Dude
    Level 9 (59,201 points)
    iPhone
    Oct 31, 2015 11:23 AM in response to Game Dude

    With TouchID enabled, you'll still be asked for your passcode when you restart the device or when you haven't accessed it in 24 hours. Are you seeing something different?

  • by Game Dude,

    Game Dude Game Dude Nov 1, 2015 8:46 AM in response to Meg St._Clair
    Level 1 (0 points)
    Nov 1, 2015 8:46 AM in response to Meg St._Clair

    I Am but my question is why do I need to enter a less secure pin or password?  Or is the finger print not secure.  If it is not secure should I disable it?  Also why don't I see this on other systems using biometric security?

  • by Game Dude,

    Game Dude Game Dude Nov 1, 2015 8:53 AM in response to Briansyddall
    Level 1 (0 points)
    Nov 1, 2015 8:53 AM in response to Briansyddall

    Thanks for your reply.  I want to know if Apple implemented a less secure finger print scan?  And will there be a fix, so I don't have to enter what should be a less secure password?  I have an RSAID token for my company network. I also use a finger print scanner to log onto my PC.  I never have to enter my password unless I need to change it.

  • by Meg St._Clair,

    Meg St._Clair Meg St._Clair Nov 1, 2015 9:34 AM in response to Game Dude
    Level 9 (59,201 points)
    iPhone
    Nov 1, 2015 9:34 AM in response to Game Dude

    Game Dude wrote:

     

    I Am but my question is why do I need to enter a less secure pin or password?  Or is the finger print not secure.  If it is not secure should I disable it?  Also why don't I see this on other systems using biometric security?

    The reason you have to do this is because it is secure. The iPhone stores your fingerprint in a way that's not readable by anything else. But that means that the phone has to be completely booted for it to work. I can't comment on how other biometric security systems work.

     

    Perhaps reading this article will help:

     

    About Touch ID security on iPhone and iPad - Apple Support

  • by Philly_Phan,

    Philly_Phan Philly_Phan Nov 1, 2015 9:42 AM in response to Game Dude
    Level 6 (13,576 points)
    iPhone
    Nov 1, 2015 9:42 AM in response to Game Dude

    Think of it this way.  Regardless of whether or not your passcode is REQUIRED, it will ALWAYS unlock the phone.  It's not a matter of the fingerprint ever being required.  The fingerprint is a convenience.  IF the passcode is not a secure mechanism (and I don't accept that it is) then you will never have true security.

     

    If security is a major concern for you, use a longer passcode - mine is eight digits.

  • by Game Dude,

    Game Dude Game Dude Nov 1, 2015 1:13 PM in response to Game Dude
    Level 1 (0 points)
    Nov 1, 2015 1:13 PM in response to Game Dude

    Thanks for your reply. I do have a longer passcode. Pass codes are less secure but the virtual keyboard makes it not practical to use a strong password. That said I will put a support ticket in to make sure.

     

    It may be secure as you say but my gut question how secure when Apple does not show the trust in the technolog. Usually strong security is preferred over passwords and especially numeric PINs

  • by Michael Black,

    Michael Black Michael Black Nov 1, 2015 1:27 PM in response to Game Dude
    Level 7 (24,763 points)
    Nov 1, 2015 1:27 PM in response to Game Dude

    You may be getting asked for the passcode often because your fingerprint sensor is dirty or smudged with skin oils. Some people report it being more problematic than others as everyone's skin chemistry is different. Try just wiping the home button when it prompts you and try again.

     

    I usa a 13 alphanumeric character complex pass phrase with my iPhone and iPad which works fine since I rarely have to actually enter it. I clean my screens and home button with a microfiber cloth.

     

    Neither a strong pass phrase or a fingerprint is inherently "more" secure than the other.  Both can be very good security if the pass phrase is well thought out when created (and is never shared nor written down anywhere other than in an encrypted pass word database or app), and on an iPhone both are stored in a strong encryption hash key.

  • by Philly_Phan,

    Philly_Phan Philly_Phan Nov 1, 2015 1:33 PM in response to Michael Black
    Level 6 (13,576 points)
    iPhone
    Nov 1, 2015 1:33 PM in response to Michael Black

    Michael Black wrote:

     

    You may be getting asked for the passcode often because your fingerprint sensor is dirty or smudged with skin oils. Some people report it being more problematic than others as everyone's skin chemistry is different. Try just wiping the home button when it prompts you and try again.

     

    I usa a 13 alphanumeric character complex pass phrase with my iPhone and iPad which works fine since I rarely have to actually enter it. I clean my screens and home button with a microfiber cloth.

     

    Neither a strong pass phrase or a fingerprint is inherently "more" secure than the other.  Both can be very good security if the pass phrase is well thought out when created (and is never shared nor written down anywhere other than in an encrypted pass word database or app), and on an iPhone both are stored in a strong encryption hash key.

    You misunderstood his point.  He maintains that a passcode is inherently insecure (I disagree with his position).

     

    Also, being asked for the passcode is not really part of the equation because, even if a fingerprint will be accepted, a passcode can ALWAYS be used.  There is no condition that requires ONLY a fingerprint.

  • by Game Dude,

    Game Dude Game Dude Nov 7, 2015 2:55 PM in response to Philly_Phan
    Level 1 (0 points)
    Nov 7, 2015 2:55 PM in response to Philly_Phan

    I agree you can use the pin anyway but that does not explain why the finger print can't stand alone. It is more secure than a pin. I don't know how a 4 digit PIN is as secure as a finger print. I use a 6 digit PIN but even that leaves 999,999 possible choices. A strong password is going to be at least 8 characters with special characters and numbers Which gives trillions of combinations. A finger print is even more complex and thus more secure.

  • by Game Dude,

    Game Dude Game Dude Nov 7, 2015 2:59 PM in response to Michael Black
    Level 1 (0 points)
    Nov 7, 2015 2:59 PM in response to Michael Black

    There is plenty of info about how secure a password is vs finger print. Also a password usually conforms to what the users percieve as memotable. This makes passwords less secure. They are not random.

  • by Phil0124,

    Phil0124 Phil0124 Nov 7, 2015 3:04 PM in response to Game Dude
    Level 7 (27,641 points)
    iPhone
    Nov 7, 2015 3:04 PM in response to Game Dude

    Yes, but what happens if for whatever reason your print cannot be read? The sensor is compromised?  Your registered finger was cut or injured, and your pattern is no longer the same? etc...

     

    The Passcode is there for redundancy. In case you ever need to access the phone without using your finger print for whatever reason.

     

    All bio-metric access systems have a secondary access method. It would be a very bad idea to trust a single method of entry.

     

    a 4 digit pin would is still very secure in terms of a cell phone, since even if you could have a computer go through all possible combinations you still need to manually type it in. And manually typing in 9999 possible numbers is going to take a bit of time.

     

    Not to mention that after several wrong attempts the iPhone will lock itslef, and will not accept any more pin numbers for a period of time. This period time gets longer the more incorrect pin numbers you try.

     

    At the end of the day it is quite secure, and offers a redundant access option when your print is not available for any reason.

  • by Michael Black,

    Michael Black Michael Black Nov 7, 2015 3:49 PM in response to Game Dude
    Level 7 (24,763 points)
    Nov 7, 2015 3:49 PM in response to Game Dude

    Game Dude wrote:

     

    There is plenty of info about how secure a password is vs finger print. Also a password usually conforms to what the users percieve as memotable. This makes passwords less secure. They are not random.

    A 8-12 character alphanumeric passcode made based on a phrase or rhyme or other combination of letters and numbers can be both easy to remember and also very difficult to crack. Admittedly a simple 4-digit numeric code is not nearly as good, and that is why I do not use them, as I said.

     

    But any fingerprint scanner, or face recognition camera, or voice recognition via a microphone are all subject to simple hardware failures. There has to be a backup to allow people to get into their devices in the event of such a hardware failure of that one critical piece of hardware necessary for the biometric security system.

     

    iOS includes the ability to make that backup password very secure as well, but people have to be willing to make use of those features. Reality, according to police theft reports and FBI stats are that most owners of smart phones have no security block on their devices at all - they'll claim it is too inconvenient to use.

  • by Meg St._Clair,

    Meg St._Clair Meg St._Clair Nov 7, 2015 8:08 PM in response to Game Dude
    Level 9 (59,201 points)
    iPhone
    Nov 7, 2015 8:08 PM in response to Game Dude

    TThe fingerprint can't Stan alone because, fo security reasons, as I understand it, the phone has to be booted to decrypt the stored data and match it to your finger. It can't do that if you've just restarted the phone.

Page 1 Next