LOL So much for Apple's touch ID "security"

[jpeyton]

The pin code gives you a few tries before the phone is wiped.

What's your point? It still means you've secured your phone with a 4 digit numeric pin code. The two types of security (PIN code and TouchID) are not additive, so you can use either one individually to gain access to a device.

 

[MrX8503]

What's your point? It still means you've secured your phone with a 4 digit numeric pin code. The two types of security (PIN code and TouchID) are not additive, so you can use either one individually to gain access to a device.

I didn't say they were additive. These security measures would stop a common thief.

 

[lopri]

Kind of an off-topic, but how secure is a pattern lock? It's what I use on my Android devices because I set up patterns in area where my thumbs can easily reach with one hand. You can make pretty complex patterns but I go with easy ones for convenience.

A semi-complex one can look like this.

 

[zerogear]

Kind of an off-topic, but how secure is a pattern lock? It's what I use on my Android devices because I set up patterns in area where my thumbs can easily reach with one hand. You can make pretty complex patterns but I go with easy ones for convenience.

A semi-complex one can look like this.

Not really that secure because if you don't always wipe your screen, your fingerprints makes a very distinctive marking on the screen that allows people to figure out your patterns.

 

[seepy83]

Kind of an off-topic, but how secure is a pattern lock? It's what I use on my Android devices because I set up patterns in area where my thumbs can easily reach with one hand. You can make pretty complex patterns but I go with easy ones for convenience.

A semi-complex one can look like this.

The biggest problems with Pattern unlock are your fingers leaving streaks on the screen in the shape of the pattern, or using a pattern that's easy for a shoulder-surfer to "read" and remember. In the Android security settings, unchecking the box for "make pattern visible" may help to mitigate the shoulder-surfer threat.

The other thing about patterns is that (I am fairly confident without having a mathematician determine the actual number of combinations) there are significantly fewer pattern combinations than there are numerical PINs of equal length. Each "dot" can't be repeated, and you can't "jump" over a dot to reach another one when the middle dot is in the direct linear path, so there are fewer patterns possible. Each "next possible dot" is limited based on what dot you start at and where you have gone already. To clarify that a little, think of each dot as being a number:
123
456
789
If i start at dot 3, I have to go to either 2, 4, 5, 8, or 6 next. 3 can never be followed by 1, 7 or 9 because it has to pass directly through 2 to get to 1, 5 to get to 7, or 6 to get to 9. 3 also can't be followed by another 3,and you can never go back to 3 after you've already been there. Continue with those same rules and you'll see the possibilities decrease quickly.

 

[Eug]

Basically, the guy says:

1) TouchID isn't any more secure than a PIN code for a casual thief/hacker, it's simply more convenient to enter.

Not quite he said, but the point is yes, it's a huge advantage because it's much, much more convenient, and that's a good thing. There is no claim that it is more secure. Furthermore, I don't think anyone here with any common sense is arguing that it is more secure. Certainly, I am not arguing it is more secure. I am arguing it is hugely convenient... and like I said before I've been wanting something like this for nearly a decade, but didn't expect to see it (working well) before 2020.

Motorola came out with this back in 2011 I believe, but it was totally useless because of crappy implementation. It took until 2013 for Apple's take two, to make it usable.

2) TouchID is actually less secure from a 5th Amendment standpoint.

Dunno, but I don't live in the US.

3) TouchID would only add security if it was a second layer on top of an existing security layer, thus bypassing any convenience.

Yes, this is what he says, for stuff where increased security is desirable, like banking transactions. However, he does not advocate combo passcode + fingerprint for just unlocking your lock screen on your phone. That would simply be stupid, unless you work for the CIA or something.

BTW, I don't understand why stuff like face unlock and pattern unlock are given a free pass. Well, maybe I can understand for face unlock, because it's badly enough implemented that people don't use it anyway, so it becomes moot. Face unlock is the epitome of useless gimmick. However, pattern unlock is also inferior to a long passcode, yet nobody here seems up in arms about its inferior security.

 

[jpeyton]

Nobody is giving face unlock a free pass. It's useless. I tried it for fun and found that it's unworkable in any low light situation. It's also silly to use while driving or walking.

The bottom line is that for a majority of people, there is no information sensitive enough on their phones to warrant a weak security lock screen. As another member mentioned earlier, the best and most convenient solution is to physically secure your device. If your phone rides in your pocket all day, having a lock screen of any kind is just an unnecessary hurdle.

If you think a thief cares about your text messages or emails, you're sorely mistaken. 99.999% of the time, they want to flip your device for cash as quickly as possible.

 

[lopri]

It seems like the fingerprint data staying local is an unrealistic expectation? As people own more than one iDevices, and want to access their stuff on someone else's/shared iDevices, it seems inevitable that Apple would maintain the database for "user convenience".

I hope I am wrong.

 

[Suspicious-Teach8788]

DeLerium:

that's kind of creepy that you dig through my old posts....maybe I should use TouchID to lock my history.

Anyway, so you are okay having to always use two hands to unlock a small phone? Yikes. The iPhone 5S is one of the slimmest phone and designed for one hand operation, yet you don't think it's absurd that MrX8503 thinks its okay to unlock using index finger. Also, yes I see girls use two hands to operate iPhone5 (Facebooking, emailing...etc).

Of course people use 2 hands for Facebooking if they have to type comments and email.

If you seem to think using 2 hands for a phone is normal, so why are you so against it all of a sudden? I'd rather not unlock my phone with 2 hands, but it's not impossible with your index finger. Plus, it's still faster than having to press a minimum of 4 keys EACH time with a PIN unlock. No one here is pushing for 2 hands unlock. You're just using a straw man argument. MrX8503 was just suggesting that in the event your thumb fingerprint is indeed compromised and you'd like to use an uncompromised print. The point is there are alternative digits for you to use. Whether or not that's a fair trade off is for the user to decide.

Yes, I agree with Zaap. It was beautifully written. I don't use any passcode or TouchID. They are all hassles to me and I don't store top secret data in my phone neither. No one is "making a fuss", it's called a "discussion" or "making an argument". You know, differences of opinion. I think it's a gimmick and you don't, but you don't need to get your panties all twisted. You don't have to get all worked up whenever someone doesn't agree with Apple and its diehards. Relax my friend.

So it's a gimmick according to you, but in the end if you don't like it, don't use it. Why do you spend so much time trash talking it? You also seem to spend so much time trash talking Apple. Bias much? If anything you need to stop getting all worked up in this thread. Haven't you learned from your moderator warning?

Gimmick

Supposedly you can type your PIN faster than TouchID because pressing 4-6 digits is faster than 1 press.

No one else can dream for fingerprint scanner because to you it's stupid

Typical insults at Apple as a company, and then bringing in Moto X as if the other gimmicks are better. Why aren't you worked up about those gimmicks but you're so worked up about Apple's features?

More BS about how thumbprint reading is slow. Maybe your thumb rests on the side of the phone, but for people actively using their phone, their thumb will be on the screen or on the home button of their iPhone. Using your logic, PIN unlock should be done with keys on the side of the phone because tapping the screen isn't the natural position

Equating disliking PIN unlocks to disliking the iPhone. Please take Logic 101.

Now attacking companies for where their products are designed and built.

Trying real hard to slam the fingerprint scanner again

Zero facts about how fingerprints are less secure than PIN.

For someone who said that Zaap summed it up perfectly in saying

In short: huge non-issue for most non-James Bond types. And James Bond probably would use my wallet/keys method for his phone also.

You sure seem to get worked up a lot. Those quotes are only from Page 1 of this thread. Let's not even talk about how much nonsense you bring up in Pages 2 and 3. If it's a gimmick, you've sure learned to just ignore it quite well huh?

 

[Eug]

Nobody is giving face unlock a free pass. It's useless. I tried it for fun and found that it's unworkable in any low light situation. It's also silly to use while driving or walking.

I know, and pretty much said as much. But why does pattern unlock get a free pass?

As another member mentioned earlier, the best and most convenient solution is to physically secure your device. If your phone rides in your pocket all day, having a lock screen of any kind is just an unnecessary hurdle.

I didnt think it needed to be said, but apparently it does. That's just plain foolish to think you can always keep it physically secure.

 

[openwheel]

Of course people use 2 hands for Facebooking if they have to type comments and email.

If you seem to think using 2 hands for a phone is normal, so why are you so against it all of a sudden? I'd rather not unlock my phone with 2 hands, but it's not impossible with your index finger. Plus, it's still faster than having to press a minimum of 4 keys EACH time with a PIN unlock. No one here is pushing for 2 hands unlock. You're just using a straw man argument. MrX8503 was just suggesting that in the event your thumb fingerprint is indeed compromised and you'd like to use an uncompromised print. The point is there are alternative digits for you to use. Whether or not that's a fair trade off is for the user to decide.



So it's a gimmick according to you, but in the end if you don't like it, don't use it. Why do you spend so much time trash talking it? You also seem to spend so much time trash talking Apple. Bias much? If anything you need to stop getting all worked up in this thread. Haven't you learned from your moderator warning?

Gimmick

Supposedly you can type your PIN faster than TouchID because pressing 4-6 digits is faster than 1 press.

No one else can dream for fingerprint scanner because to you it's stupid

Typical insults at Apple as a company, and then bringing in Moto X as if the other gimmicks are better. Why aren't you worked up about those gimmicks but you're so worked up about Apple's features?

More BS about how thumbprint reading is slow. Maybe your thumb rests on the side of the phone, but for people actively using their phone, their thumb will be on the screen or on the home button of their iPhone. Using your logic, PIN unlock should be done with keys on the side of the phone because tapping the screen isn't the natural position

Equating disliking PIN unlocks to disliking the iPhone. Please take Logic 101.

Now attacking companies for where their products are designed and built.

Trying real hard to slam the fingerprint scanner again

Zero facts about how fingerprints are less secure than PIN.

For someone who said that Zaap summed it up perfectly in saying
You sure seem to get worked up a lot. Those quotes are only from Page 1 of this thread. Let's not even talk about how much nonsense you bring up in Pages 2 and 3. If it's a gimmick, you've sure learned to just ignore it quite well huh?

Goodness gracious. Do you work for Apples viral marketing department? Again please don't get so worked up over something this silly. Its only a difference of opinion. Sorry this fingerprint scanner still is gimmicky IMO.

 

[openwheel]

I know, and pretty much said as much. But why does pattern unlock get a free pass?


I didnt think it needed to be said, but apparently it does. That's just plain foolish to think you can always keep it physically secure.

Because this thread is not about pattern lock and pattern lock is old news from 2008. Again you guys are stretching so far trying to defend Apple.

 

[Eug]

Because this thread is not about pattern lock and pattern lock is old news from 2008. Again you guys are stretching so far trying to defend Apple.

And there is the problem. You see this as people trying to defend Apple, whereas I and others see this as recognizing a great advance in the mobile space, regardless of the company.

This is a very big deal, but there are always people who just won't be able to see it. Meanwhile, the rest of the world moves on and adds those pieces of technology into their daily lives.

Like I said, this will come to other companies products in a usable fashion (not Atrix), now that Apple has proven it can be done.

 

[MrX8503]

No matter how much people cry over Touch ID, I bet millions of people will use it. Apple has done a great job of implementing it.

 

[Red Storm]

I guess this means that physical home button is never going away, which also means that large bezel will stick around forever too. I'm sure those who like it will enjoy and use it though.

 

[Eug]

I guess this means that physical home button is never going away

I damn well hope so. As you know, I think one of stock Android devices' biggest annoyances is the lack of a physical home button. That's the one spot where I think Samsung has gotten it right.

 

[bearxor]

So I've not been following the discussions since the beginning but...

All I know is that I've never used a PIN on my phone. Ever. Now I have one. Does that make me feel like it's more secure? Not really. It stays with me all the time because my phone is also my wallet.

At least now I'll be able to put my work's email on my phone. They required a PIN and I simply refused. Now, it's fast enough and unobtrusive enough for me to use the fingerprint reader. So I guess that's a positive.

I guess this means that physical home button is never going away, which also means that large bezel will stick around forever too. I'm sure those who like it will enjoy and use it though.

Oh god yes. I hope the physical home button NEVER goes away.

 

[PowerYoga]

Crazy how the apple fanboys are defending such an antiquated piece of gimmick technology and trying to make a broken security feature sound "revolutionary" or being a "great advancement".

There's a reason less and less companies worldwide are using fingerprint scanners. Hint: It doesn't work very well.

 

[seepy83]

No matter how much people cry over Touch ID, I bet millions of people will use it. Apple has done a great job of implementing it.

I wouldn't say they've done a "great" job of implementing it. Yes, they have successfully added a fingerprint reader to their phone, and it works well, but they've only done a good implementation. A great implementation would allow for the fingerprint to be used along with a PIN/passphrase for 2-factor authentication.

 

[Eug]

Crazy how the apple fanboys are defending such an antiquated piece of gimmick technology and trying to make a broken security feature sound "revolutionary" or being a "great advancement".

There's a reason less and less companies worldwide are using fingerprint scanners. Hint: It doesn't work very well.

Hint, if you implement something poorly, it doesn't work very well. The difference here is that Apple implemented it extremely well, according to all the reviews, including Anand's.

When I first heard the rumors of Apple integrating a fingerprint scanner into the iPhone 5s’ home button I was beyond skeptical. I for sure thought that Apple had run out of ideas. Even listening to the feature introduced live, I couldn’t bring myself to care. Having lived with the iPhone 5s for the past week however, I can say that Touch ID is not only extremely well executed, but a feature I miss when I’m not using the 5s.

I wouldn't say they've done a "great" job of implementing it. Yes, they have successfully added a fingerprint reader to their phone, and it works well, but they've only done a good implementation. A great implementation would allow for the fingerprint to be used along with a PIN/passphrase for 2-factor authentication.

The hardware implementation is here, and done well. What you're talking about now is an evolutionary feature for iOS, and I too hope they will implement that for some 3rd party apps. It should be noted that this will be indeed opened to 3rd parties (without access to the fingerprint data) according to Apple, so it's quite possible that certain financial apps will implement this on their own directly in the apps.

 

[mosco]

I wouldn't say they've done a "great" job of implementing it. Yes, they have successfully added a fingerprint reader to their phone, and it works well, but they've only done a good implementation. A great implementation would allow for the fingerprint to be used along with a PIN/passphrase for 2-factor authentication.

I am wondering if they plan on doing this. The downside of this is that if you somehow forget the pin, your phone is a brick, where as if you forget the pin now at least you can still use your finger. I forget, can you do a restore of the phone through iTunes if the phone is locked?

 

[bearxor]

I am wondering if they plan on doing this. The downside of this is that if you somehow forget the pin, your phone is a brick, where as if you forget the pin now at least you can still use your finger. I forget, can you do a restore of the phone through iTunes if the phone is locked?

Only if you put the phone in to recovery mode first.

 

[PowerYoga]

Hint, if you implement something poorly, it doesn't work very well. The difference here is that Apple implemented it extremely well, according to all the reviews, including Anand's.

Hint: it's not the implementation, it's the TECHNOLOGY. Fingerprint ID technology, in a nutshell, sucks and is also unnecessary on a phone as it doesn't protect it better than a pincode (which has already been mentioned, can be set to wipe your phone after a few retries). Both have been shown to be easily breakable by anybody that wants to get to the data on your phone, which brings us to the age old argument: The best way to protect the data on your phone is by NOT losing it in the first place. If someone has your phone and is trying to swipe fingerprints on your phone to get to your data you are already fucked. The additional downside is now apple has your fingerprint and can give it to whoever they want, like law enforcement agencies.

It's like a 3rd nipple: fun to play with but completely unnecessary and redundant in every way shape and form.

 

[openwheel]

Redundant is a good description

 

[MrX8503]

I wouldn't say they've done a "great" job of implementing it. Yes, they have successfully added a fingerprint reader to their phone, and it works well, but they've only done a good implementation. A great implementation would allow for the fingerprint to be used along with a PIN/passphrase for 2-factor authentication.

I would disagree. What you're describing is a further extension of what they've already laid down. No one has done this well with a fingerprint scanner, thus Apple did a great job of it.