The flaw in the fingerprint plan… how secure is Touch ID?

Jul 07, 2017 - by David Hasell

Why Apple's Touch ID might not be as secure as you think and what you can do to make it safer

From making payments with Apple Pay to accessing online banking apps or highly secure password locker apps, the use of fingerprints as a convenient and reassuring security measure has become part of normal daily life for millions of people. But what you might not realise is that fingerprint security is only as strong as the passcode you use to unlock your iPhone or iPad.

Do you still use a 4 or 6-digit passcode to unlock your phone? Do you guard that passcode as tightly as you would your PIN when withdrawing cash from an ATM? Or do you tell it to your kids/friends/colleagues who ask to borrow your phone? Could someone looking over your shoulder in the pub or on the train see your PIN as you type it in?

Once someone has got their hands on your iPhone and your passcode, they only need a few seconds to go into your phone's settings and replace one of your fingerprints with their own. Yes, the only security Apple uses to manage the fingerprints on your phone is the humble passcode. Once that person has added their own fingerprint to your phone, they can do anything you would do with your own fingerprint, and that may include spending your money or accessing all the passwords in your password locker.

So, how do I make Touch ID safer?

Apple could help by requiring something more secure than a passcode, such as your Apple ID password or some other form of second-factor authentication, in order to change a fingerprint setting. In the meantime, here are a couple of suggestions for improving security when using iPhones and iPads with Touch ID:

1. Keep your passcode to yourself

It sounds obvious, but don’t share your passcode. With anyone. And never let anyone see you unlocking your phone. Also make sure that your passcode isn't something easy to guess, such as 0000, 1234, your date of birth, or the last four digits of your phone number. You wouldn't give your cash card PIN to anyone you don’t completely trust, so as smartphones effectively become mobile wallets, you should treat your passcode with the same respect.

2. Use a longer passcode or passphrase

For the most security-conscious, the best thing you can do is change your passcode to a passphrase. A passphrase is essentially a password that can be as long as you like. It could be a quote, a short saying, or three unrelated words. Mix in a few numbers or special characters and you have a passphrase that is far more secure than a 4-digit PIN. Yes, it may be tiresome to type a long passphrase every time you switch your phone back on after it has run out of battery, but for the most part you can still unlock with the convenience of your fingerprint. If the idea of having to remember a long passphrase is too much, a 6-digit passcode is still a better option than 4 digits.
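The easy-to-guess patterns from tip 1 and the length comparison from tip 2 can be checked mechanically. The following is an added example, not part of the original article: the function names, birth date, phone number and passphrase are constructed for illustration, and the bit count is an upper bound that assumes every character is chosen at random.

```python
import math
from datetime import date

def keyspace_bits(code: str) -> float:
    """Upper bound on guessing effort in bits: length * log2(alphabet size).
    Assumes random characters; word-based passphrases score lower in practice."""
    alphabet = 0
    if any(c.isdigit() for c in code):
        alphabet += 10
    if any(c.islower() for c in code):
        alphabet += 26
    if any(c.isupper() for c in code):
        alphabet += 26
    if any(not c.isalnum() for c in code):
        alphabet += 33  # printable ASCII symbols, including space
    return len(code) * math.log2(alphabet) if alphabet else 0.0

def audit_passcode(code: str, birth_date: date, phone: str) -> list:
    """Return which of the article's easy-to-guess patterns the code matches."""
    findings = []
    if not code.isdigit():
        return findings  # the patterns below only apply to numeric codes
    if len(set(code)) == 1:
        findings.append("repeated digit")            # e.g. 0000
    steps = {(int(b) - int(a)) % 10 for a, b in zip(code, code[1:])}
    if steps in ({1}, {9}):
        findings.append("sequential digits")         # e.g. 1234 or 4321
    d, m, y = f"{birth_date.day:02d}", f"{birth_date.month:02d}", str(birth_date.year)
    if code in {d + m, m + d, y, d + m + y[2:], m + d + y[2:], y[2:] + m + d}:
        findings.append("date of birth")
    phone_digits = "".join(c for c in phone if c.isdigit())
    if len(code) == 4 and phone_digits.endswith(code):
        findings.append("last four digits of phone number")
    return findings

if __name__ == "__main__":
    dob, phone = date(1985, 3, 12), "07700 900461"   # constructed sample values
    for code in ["0000", "1234", "1203", "0461", "739204", "3 blue Llamas!"]:
        print(f"{code!r}: {keyspace_bits(code):5.1f} bits, {audit_passcode(code, dob, phone)}")
```
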

How to change your 4 or 6-digit iPhone/iPad passcode to a much stronger alphanumeric passphrase

  1. Go into Settings > Touch ID & Passcode
  2. Enter your current passcode
  3. Scroll down and tap Change Passcode
  4. Enter your old passcode again
  5. On the 'Enter your new passcode' screen, don't enter a 6-digit code but instead tap Passcode Options
  6. Select Custom Alphanumeric Code
  7. Carefully type in your chosen passphrase, then tap Next and type it in again to verify
  8. Press the Home button to go back to your home screen
  9. Congratulations, you're now much safer than you were before, but don't forget your new passphrase! If you need to write it down somewhere, then make sure you disguise it so that it's not obvious to anyone else.

If you run a business in the south east of England and are concerned about the security of your IT setup, Qdos is here to help. Contact us today for a free network audit on 020 8763 8732 or use the enquiry form
