Rich Mogull on the Security Implications of Fingerprint Scanning

Rich Mogull, writing for TidBITS:

Practically speaking, for most consumers, a fingerprint is more secure than a passcode on your iPhone. It’s definitely more secure than a four-digit passcode.

But the real reason is that using fingerprints creates better security through improved usability. Most people, if they use a passcode at all, stick with a simple four-digit passcode, which is easy for an attacker to circumvent with physical possession of your iPhone. Longer passphrases, like the obscure 16-character one I use, are far more secure, but a real pain to enter repeatedly. A fingerprint reader, if properly implemented, provides the security of a long passphrase, with more convenience than even a short passcode.

Actually, according to Apple’s information today, most people don’t use any passcode at all to lock their phones. So if Touch ID gets widespread adoption it could be a huge win for security across the whole iPhone user base.

Tuesday, 10 September 2013