Friday, April 22, 2016

Apple Touch ID is dangerous.

Many iOS apps, including Apple secure Notes and banking apps and 1Password.app and Apple Pay provide an option to use Touch ID for authentication. Apple makes much of the security advantages of Touch ID.

Sometimes Touch ID fails to recognize your finger. That’s no problem, you can repeat that finger recording, or you can add another one. All you need to know is your iPhone’s unlock code.

All anyone needs to know is your iPhone’s unlock code. With it can add their own finger, and unlock anything that was Touch ID enabled. In my testing on Apple’s secure Notes a fingerprint added after a Note was created opens the Note.

So Touch ID is only as secure as your iPhone’s unlock code. Which, even with Touch ID enabled, you have to enter too often. So you probably make it short and tappable so you can do that.

Yeah, once you enable Touch ID on your bank account, you’ve basically changed its password to your iPhone’s conveniently short and tappable unlock code.

Touch ID is dangerous.

No comments: