grep jason_

iPhone TouchID

I did indeed upgrade from the iPhone 5 to the iPhone 5s. I think there is definitely enough awesomeness in the new hardware to make it a worthwhile upgrade. This is not an iPhone 5s review however so I will leave it at that. Not to mention, it will still be a little while before software catches up with the hardware leap. We won’t see the full potential of the iPhone 5s for at least 3-6 months.

What I do want to chat about quickly is a new hardware / software feature that I am really liking for several reasons, TouchID. TouchID being the fingerprint scanner hardware built into the iPhone’s home button that allows you to use your fingerprint to unlock your phone rather than using a passcode. There are tons of reviews and comments regarding this feature and I am going to go through 3 topics.

1) “TouchID was Hacked”:
Within the first week of release there were claims of TouchID having been hacked. This is the natural progression of technology. Something new comes out, the first steps are to find ways around it. I am fully on board with this, and I encourage this! The problem I have with this particular instance is calling it a hack. In a broad sense, yes it is a hack. But the headlines all read like the technology is broken and somehow has a hole in it. All of the techniques to bypass TouchID so far are spoofs more than hacks. They make a really good copy of the fingerprint and use that to access the phone. The process is not trivial and for the majority of users this is not a problem as I see it. With the amount of work it takes to make the copy, it would be easier to follow the person around and watch them enter their cheesy 4 digit passcode and then just use that.

2) “Passcodes are inconvenient”:
Whether most people want to admit it or not, our phones have our lives on them. One way or another there are vectors into deep parts of your life through your phone, whether you realize it or not. The scary realization I have come to over the last 3+ years is a lot of people use lame passcodes (0000) or even worse don’t use one at all! How secure is that!? If something like TouchID can get these people to actually set a passcode but not be “bothered” with entering it, that is a huge win. If it takes all the hassle of recreating a fingerprint to get into someone’s phone over simple opening it because there is no passcode, that raises their security bar immensely!

3) “More secure?”:
It is way too early to call TouchID either “more secure” or “less secure”. The fact is, if you need more secure, you will use nothing less than a 42 character alphanumeric passcode with the phone is set to autolock immediately. In reality, most people don’t need this and will never do that. That being said, TouchID does allow for somewhat of a middle ground perhaps. You can set a long alphanumeric passcode and then use your fingerprint as a type of shortcut. There are still some precautions that have been taken to help with attacks on TouchID. If the wrong fingerprint is tried 5 times, the phone will only be unlockable using that strong alphanumeric passcode. This is also true if the phone is restarted or not opened with a finger within a 2 day period.

Until TouchID is legitimately bypassed and proved to be faulty, I am definitely going to be on the side of proponents. It is a cool and useful feature that makes using the device a little more enjoyable. After all, shouldn’t the point of these devices be to better our lives by working with us rather than against us?