The iPhone 5s fingerprint reader: More about convenience than security

Summary: The more I use Touch ID, the more I come to see it as a feature of convenience as opposed to a security feature. Even with it, most handsets will ultimately be protected by a four-digit passcode.

Touch ID sensor on the iPhone 5s
(Source: Apple)

Apart from the new gold finish option – for that added 'SWAG!' appeal – the main reason why an existing iPhone 5 owner would want to upgrade to the iPhone 5s is the fingerprint reader. Sure, the CPU and GPU are both twice as powerful as their predecessors, but in your hand you're seriously hard-pressed to feel this bump in performance unless you are a hardcore Infinity Blade fan.

No, the real difference between the iPhone 5s and its predecessor is the Touch ID fingerprint identity sensor that Apple has integrated into the home button. When you lightly touch your finger to the button, the metal ring surrounding it senses your finger, and the high-resolution capacitive sensor hidden behind a laser-cut disk of sapphire crystal scans your print and quickly decides if you are on the handset's guest list or not.

After only a few minutes of using the Touch ID sensor I was fully converted to its use. Having to physically press the home button and then type in the passcode to wake up my iPhone 5 suddenly felt archaic. That's one of Apple's strong points – taking something that you did habitually and making it much simpler.

But the more I use Touch ID, the more I come to see it as a feature of convenience as opposed to a security feature.

The problem is that while, in Apple's own words, "your fingerprint is the perfect password," Touch ID is really little more than a convenient way to enter your passcode, because behind the Touch ID is a passcode, and for most people, that will continue to be a four-digit passcode. The Touch ID system is little more than an optional extra bolted onto the old passcode system.

Your fingerprint may well be unique, but the four-digit passcode that most people will choose to use as a backup for it won't be.

Now, you could choose a more complicated passcode, or even a password or phrase, and this would increase the security offered. It does, however, bring with it another problem. The more infrequently you use your passcode, the more likely it is to evaporate out of your mind and not be there when you need it.

And because your handset will be locked, you can't rely on being able to retrieve it from a password safe, at least not off the same device.

This is a road that can lead you headlong into a world of pain.

While the Touch ID sensor does bring with it a small increase in security for those who might have previously made use of a passcode – since you have to type the passcode in less frequently, there's less of a chance that someone looking over your shoulder will figure it out – the people who really benefit are those who previously would have left their iPhones unprotected because entering a passcode was too much of a hassle. Now these people get to protect their handset and have a convenient way to unlock it. However, there is still the risk that they will forget the passcode, especially as they don't have one already burned into their minds.

In the short time I've been using the Touch ID sensor I've also found a few oddities with the way it works. For example, depending on how I hold my iPhone, I have to register different fingers in different ways. When I'm holding my iPhone one-handed, I unlock it with the side of my thumb, but when it is held in two hands I use the pad of my index finger, and when it is held in the dock in the car, I tend to jab at it with the tip of my index finger. To get the best out of the Touch ID sensor I have to enroll these fingers in this way.

Another thing I noticed is that when unlocking the handset with the Touch ID sensor, you don't get to see what's on the lock screen notification center, making it easy to overlook a missed call or iMessage.

Another problem is how fingerprints are stored. If you have multiple dabs logged, it can become unclear which is which, and if you let someone else "have a go" then things might get complex. Also, you might overlook the fact that someone with access to your passcode might have added his or her own finger into the system.

While I firmly believe that Touch ID is a step in the right direction – and that we'll be seeing fingerprint sensors not only on the next-generation iPads, but also on a myriad of Android devices – I think it will take Apple some time to refine the system. iOS 7 was the first big change to the platform since it was first unveiled in 2007, and over that time Apple had worked hard to bring the platform up to a level of maturity that iOS 7 is not yet at. While I have great hopes for Touch ID in the future, for now it is little more than a tool of convenience.

Topics: Mobility, iPhone, Security


Talkback

23 comments
  • Agreed

    You wrote: "After only a few minutes of using the Touch ID sensor I was fully converted to its use". I used to have a laptop with this feature and I came to see it the same way. My current laptop has facial recognition, but I see it more as a feature of convenience than for security.
    roteague
  • This is the trial run for

    the fingerprint reader. All new iPhone 5 users (buyers) will be the guinea pigs for these trials. Best to wait and see what improvements are made....
    I also see fingertip recognition as utter laziness. How can you forget a password on a device you supposedly use all day everyday? Either it's addictive enough that you use it constantly, or a product you hardly use, which causes you to forget a password...which is it?
    Charles_B
    • Missing the point

      I think you are missing the point. Using your fingerprint is faster than keying in a PIN or password. For me, I don't even use a PIN because it is a hassle, but I'm sure I'd regret that if my phone got stolen. I'd certainly use a fingerprint scanner, though, as it seems very easy, quick, reasonably secure and, well, frankly looks fun (at least to try/play with).
      edelbrp
      • It IS fun

        You're right, it is fun! :-) If you get your timing right… a press slightly longer than usual but not long enough to activate Siri, the phone activates as if there were nothing extra going on. It's just a matter of a moment, but that fraction of a second can bring a grin to your face! It really is cool to see a new feature work so seamlessly.
        Mark_42
    • Some people can't appreciate progress.

      It's not a matter of utter laziness, it's a matter of convenience. Like power steering or a starter that doesn't require a hand crank.

      If a fingerprint is added or changed, the code must be entered. If the phone has been restarted or hasn't been used in 48 hours, the code must be entered. The phone doesn't give you the opportunity to forget the code.

      By your criteria any new feature would make the user a guinea pig. Fine. I'm a guinea pig for a device that works fine in its first iteration. Oh, the hardship.

      I do have to give credit where credit is due though, you're original enough to attempt to trash a new, highly successful feature that all reviewers seem to like, rather than attacking the screen size or the 64 bit architecture.

      Kudos.
      Mark_42
      • Nothing new

        Fingerprint scanner was used in HTC p6500 and in Acer M900 5—6 years ago with the same functions.
        Nobody went gaga over it.
        I am just waiting for an invention by Apple Inc...which is round in shape ...has some spokes...speeds up things...wait....I think it's been already done...it is called a wheel.
        Hrishikesh Kalgaonkar
        • There’s a difference between doing something and doing something right.

          No, the function was different. The earlier fingerprint scanners required the finger slide across an optical sensor. This makes a big difference because it requires a motion along a sensor rather than just a slightly altered use of an existing UI element. The only difference between using the home button as it's been used for years and the new operation is that you wait a small fraction of a second longer to remove your finger. A very easy adjustment to make and no sliding or other unnatural movements to make.

          This is how Apple sets itself apart. They don't just haphazardly pile on new features, they add new functionality as unobtrusively as possible. They could have used optical technology and put a sensor you slide your finger over anywhere on the phone and provided the same functionality, but without the seamless convenience it just wouldn't be their style.
          Mark_42
  • Better than no security

    Definitely a good step up in security for those folks who couldn't be bothered with any passcode.
    MajorlyCool
  • Definitely not the "ultimate" in security

    A fingerprint reader mass-marketed for desktop/laptop computers was successfully hacked by Heineman and Savage on Mythbusters a few years ago by enlarging, hand-retouching, and re-shrinking a fingerprint image surreptitiously obtained from the authorized user (Kari took a glass of lemonade to Grant and delivered the empty glass to Adam), and converting it to a relief image on a piece of rubber cement, stuck to the intruder's own finger.

    If the intruder has access to a police or military fingerprint database in which the target is registered (which would include police and military themselves, doctors, nurses, as well as convicts and former suspects), and the target's identity has been established, the filed prints may be an even better source than any subterfuge to get a physical print.

    Has the technology available to consumers (as opposed to what military and government agencies are allowed to purchase) been significantly improved since then?

    If it is not too awkward to hold the phone and position the fingers in a different way, the user MIGHT get more security by programming it for, say, the heel of the opposite hand, or the thumb held upside down, or the prints on the sides of two fingers of opposite hands pressed face to face. Anything other than expected ways of pressing the button may slow down, if not stop, an intruder.
    jallan32
    • You're missing the point entirely.

      This feature is in place to provide security for people who generally don't use a passcode. It's having security when there was none before.

      It's virtually seamless, just requiring the finger to be kept on the home button for a small fraction of a second longer than usual. The vast majority of phone thieves aren't going to bother using forensic techniques to lift a fingerprint so this method is secure enough for day to day use.

      It's easy, takes no special effort, works virtually every time and leaves what would have been an unsecured phone, secured to the point where the typical phone thief would have a trackable brick for his troubles.
      Mark_42
  • Actually

    "The more infrequently you use your passcode, the more likely it is to evaporate out of your mind and not be there when you need it"

    On a restart you need to enter in your passcode before Touch ID will work. So for most people you will need to enter it in at least a few times each week.
    TimeForAChangeToBetter
    • You restart your iPhone that often?

      I've gone sometimes 2-3 months without having to restart my iPhone.

      But as for complex passcodes, I think it would be better to use a pass phrase- something that you think about often that you can put in words, and then use that as your in to the machine. What defeats this is Apple's requirement that you change your iTunes password once every 90 days, but if that could be gotten around a pass phrase would provide the maximum security.

      Spoken by a person who doesn't currently use a passcode of any kind on his iPhone 4S- since my 2-year-old son likes to watch videos on the phone in the evening, and would brick the phone for a few minutes by incorrectly entering the passcode (as he does on my wife's iPhone), and since my phone is rarely out of my hands or shirt pocket when I am out of the house, I haven't found a need for it. If I do get a new iPhone 5S (though I'll probably hold out another year for the next iteration, or wait until my phone either breaks or loses battery life) I would use the fingerprint ring, but also train it to my son's finger and teach him how to open the phone with it.
      ssaha
      • itunes password

        You said "What defeats this is Apple's requirement that you change your iTunes password once every 90 days"
        I have had the same password for my iTunes account for the last 2 years and Apple has never asked me to change my password.
        Michelle Neild
        • Since day one

          I've had an active iTunes account since the ITMS came online and I've never had to change my password.
          Mark_42
  • Touch ID

    If you search the Apple Support page and read the literature they place there for their customers, you'll see that the point IS convenient-security. It's so that the customers who don't use a password, because they don't want to have to type it in every time they check their phone, will now use a passcode BECAUSE it's convenient to use a fingerprint, thus making it a more secure device (because a passcode is ALSO required). It's a perfect way to secure the device, along with activation lock in iOS 7, this may severely discourage thieves from stealing iOS devices.

    From Apple's website (http://support.apple.com/kb/HT5949)

    "... more than 50 percent of smartphone users don't use a passcode. Your fingerprint is one of the best passcodes in the world. It's always with you, and no two are exactly alike. Touch ID is a seamless way to use your fingerprint as a passcode."
    Casey Tipton
  • It's for security

    I used to rarely use a passcode. With the 5s, it's far more convenient to unlock the phone with TouchID than to not have a passcode and unlock by swiping.
    Thanks to the convenience, I'm now secure.
    dogbreath1
  • actually

    "Another problem is how fingerprints are stored. If you have multiple dabs logged, it can become unclear which is which, and if you let someone else "have a go" then things might get complex. Also, you might overlook the fact that someone with access to your passcode might have added his or her own finger into the system."
    Actually, when you're on the settings screen, you can touch the sensor and it'll tell you which one it's registered to.
    jimb0hk
  • Fingerprint only

    "Your fingerprint may well be unique, but the four-digit passcode that most people will choose to use as a backup for it won't be...The more infrequently you use your passcode, the more likely it is to evaporate out of your mind and not be there when you need it."

    That really seems to be the rub. If the fingerprint is not independent of the passcode, then the cost makes the convenience somewhat pointless. I wonder how much additional programming/hardware/cost would be needed to make these truly independent. (rhetorical I suppose)
    msegal
  • Exactly

    I've had friends say it's either not bulletproof enough or it's a useless gimmick. But it's really for the majority who don't use a PIN but want some security or use a PIN and find it annoying.
    edelbrp